CWE-863 (授权机制不正确) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (授权机制不正确). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-8533	Incorrect Authorization of XPC Service in Fantastical.app — Fantastical	7.8^AI	High^AI	2025-08-07
CVE-2025-20332	Cisco Identity Services Engine Authorization Bypass Vulnerability — Cisco Identity Services Engine Software	4.3	Medium	2025-08-06
CVE-2025-54253	Adobe Experience Manager \| Incorrect Authorization (CWE-863) — Adobe Experience Manager	10.0	Critical	2025-08-05
CVE-2025-20701	Airoha Bluetooth audio SDK 安全漏洞 — AB156x, AB157x, AB158x, AB159x series	9.8^AI	Critical^AI	2025-08-04
CVE-2025-54554	Tera Insights tiCrypt 安全漏洞 — tiCrypt	5.3	Medium	2025-08-04
CVE-2025-8068	HT Mega – Absolute Addons For Elementor <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions — HT Mega Addons for Elementor – Elementor Widgets & Template Builder	4.3	Medium	2025-07-31
CVE-2025-54583	GitProxy bypasses approvals when pushing multiple branches — git-proxy	9.1^AI	Critical^AI	2025-07-30
CVE-2025-53902	Tuleap exposes artifacts to a mentioned user via email notifications — tuleap	4.3	Medium	2025-07-29
CVE-2025-54532	JetBrains TeamCity 安全漏洞 — TeamCity	4.3	Medium	2025-07-28
CVE-2025-54533	JetBrains TeamCity 安全漏洞 — TeamCity	4.3	Medium	2025-07-28
CVE-2025-54569	Malwarebytes Binisoft Windows Firewall Control 安全漏洞 — Binisoft Windows Firewall Control	4.5	Medium	2025-07-28
CVE-2025-54596	Abnormal Security API 安全漏洞 — Abnormal Security	4.3	Medium	2025-07-25
CVE-2025-0765	Incorrect Authorization in GitLab — GitLab	4.3	Medium	2025-07-24
CVE-2025-6018	Pam-config: lpe from unprivileged to allow_active in pam	7.8	High	2025-07-23
CVE-2025-29757	Growatt cloud service 安全漏洞 — https://oss.growatt.com	6.5	-	2025-07-19
CVE-2025-53943	VoidBot Open-Source Has Improper Permission Check That Allows Unauthorized Command Execution — VoidBot_open-source	8.8^AI	High^AI	2025-07-16
CVE-2025-6981	Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized read-only access — Enterprise Server	7.5^AI	High^AI	2025-07-15
CVE-2025-53895	ZITADEL has broken authN and authZ in session API and resulting session tokens — zitadel	8.1^AI	High^AI	2025-07-15
CVE-2025-53836	XWiki Rendering is vulnerable to RCE attacks when processing nested macros — xwiki-rendering	10.0	Critical	2025-07-14
CVE-2025-6549	Junos OS: SRX Series: J-Web can be exposed on additional interfaces — Junos OS	6.5	Medium	2025-07-11
CVE-2025-3396	Incorrect Authorization in GitLab — GitLab	4.3	Medium	2025-07-10
CVE-2025-4972	Incorrect Authorization in GitLab — GitLab	2.7	Low	2025-07-10
CVE-2025-6168	Incorrect Authorization in GitLab — GitLab	2.7	Low	2025-07-10
CVE-2025-49536	ColdFusion \| Incorrect Authorization (CWE-863) — ColdFusion	7.3	High	2025-07-08
CVE-2025-20300	Improper Access Control Lets Low-Privilege Users Suppress Read-Only Alerts in Splunk Enterprise — Splunk Enterprise	4.3	Medium	2025-07-07
CVE-2025-26850	Quest Software Quest KACE Systems Management Appliance 安全漏洞 — KACE Systems Management Appliance	9.3	Critical	2025-07-04
CVE-2025-0885	Incorrect Authorization vulnerability affects OpenText™ GroupWise — GroupWise	4.3^AI	Medium^AI	2025-07-03
CVE-2025-47871	Mattermost Playbooks exposes private channel metadata to unauthorized users via run metadata API — Mattermost	4.3	Medium	2025-06-30
CVE-2025-46702	Mattermost Playbooks allows privilege escalation through improper access control in playbook run participant management — Mattermost	5.4	Medium	2025-06-30
CVE-2025-32462	Sudo 安全漏洞 — Sudo	2.8	Low	2025-06-30

Vulnerabilities classified as CWE-863 (授权机制不正确) represent 1242 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-863 (授权机制不正确) — Vulnerability Class 1242