CWE-863 (授权机制不正确) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (授权机制不正确). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-10015	TCC Bypass via Downloader XPC Service in Sparkle — Sparkle	6.6^AI	Medium^AI	2025-09-16
CVE-2025-43789	Liferay Portal和Liferay DXP 安全漏洞 — Portal	9.8	-	2025-09-12
CVE-2025-43784	Liferay Portal和Liferay DXP 安全漏洞 — Portal	4.3^AI	Medium^AI	2025-09-10
CVE-2025-58134	Zoom Workplace Clients for Windows - Incorrect Authorization — Zoom Workplace Clients for Windows	4.3	Medium	2025-09-09
CVE-2025-54246	Adobe Experience Manager \| Incorrect Authorization (CWE-863) — Adobe Experience Manager	6.5	Medium	2025-09-09
CVE-2025-48042	Before action hooks may execute in certain scenarios despite a request being forbidden — ash	8.8^AI	High^AI	2025-09-07
CVE-2025-23262	NVIDIA ConnectX 安全漏洞 — ConnectX GA	6.3	Medium	2025-09-04
CVE-2025-23256	NVIDIA BlueField 安全漏洞 — BlueField GA	8.7	High	2025-09-04
CVE-2025-7974	rocket.chat Incorrect Authorization Information Disclosure Vulnerability — rocket.chat	7.5	-	2025-09-02
CVE-2025-41031	Multiple vulnerabilities in Deporsite by T-INNOVA — Deporsite	5.3^AI	Medium^AI	2025-09-02
CVE-2025-41030	Multiple vulnerabilities in Deporsite by T-INNOVA — Deporsite	5.3^AI	Medium^AI	2025-09-02
CVE-2025-3586	Liferay Portal和Liferay DXP 安全漏洞 — Portal	7.2^AI	High^AI	2025-09-01
CVE-2025-54877	Tuleap's special and always there fields permissions are not verified in cross-tracker search — tuleap	5.3	Medium	2025-08-29
CVE-2025-25010	Kibana privilege escalation via reporting_user role — Kibana	6.5	Medium	2025-08-28
CVE-2025-9376	Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 11.58 - Insufficient Authorization to Unauthenticated Blocklist Bypass — Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection	6.5	Medium	2025-08-28
CVE-2025-5187	Nodes can delete themselves by adding an OwnerReference — Kubernetes	6.7	Medium	2025-08-27
CVE-2025-1501	Incorrect authorization for traces request/download in CMC before 25.1.0 — CMC	4.3	Medium	2025-08-26
CVE-2025-36157	IBM Engineering Lifecycle Management incorrect authorization — Engineering Lifecycle Management	9.8	Critical	2025-08-24
CVE-2025-53971	Channel and Team Membership APIs inadvertently allow loss of Member privileges. — Mattermost	3.8	Low	2025-08-21
CVE-2025-49810	Thread summarization allows persistent access to channel — Mattermost	3.5	Low	2025-08-21
CVE-2025-57728	JetBrains IntelliJ IDEA 安全漏洞 — IntelliJ IDEA	6.5	Medium	2025-08-20
CVE-2025-9228	Insufficient authorization when creating notes — MiR Robots	4.3	Medium	2025-08-20
CVE-2025-55213	OpenFGA Authorization Bypass (Check) — openfga	9.8	-	2025-08-18
CVE-2025-55205	Capsule tenant owners with "patch namespace" permission can hijack system namespaces label — capsule	9.1	Critical	2025-08-18
CVE-2025-36120	IBM Storage Virtualize privilege escalation — Storage Virtualize	8.8	High	2025-08-18
CVE-2025-7773	Rockwell Automation ArmorBlock 5000 I/O – Web Server Vulnerabilities — 5032-CFGB16M12P5DR	4.3^AI	Medium^AI	2025-08-14
CVE-2024-10219	Incorrect Authorization in GitLab — GitLab	6.5	Medium	2025-08-13
CVE-2025-49556	Adobe Commerce \| Incorrect Authorization (CWE-863) — Adobe Commerce	7.5	High	2025-08-12
CVE-2024-41979	Siemens多款产品安全漏洞 — SmartClient modules Opcenter QL Home (SC)	7.1	High	2025-08-12
CVE-2025-42951	Broken Authorization in SAP Business One (SLD) — SAP Business One (SLD)	8.8	High	2025-08-12

Vulnerabilities classified as CWE-863 (授权机制不正确) represent 1242 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-863 (授权机制不正确) — Vulnerability Class 1242