CWE-863 (授权机制不正确) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (授权机制不正确). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-53391	zuluCrypt 安全漏洞 — zulucrypt	9.3	Critical	2025-06-28
CVE-2025-6707	Race condition in privilege cache invalidation cycle — MongoDB Server	4.2	Medium	2025-06-26
CVE-2025-5822	Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability — Autel MaxiCharger AC Wallbox Commercial	8.8^AI	High^AI	2025-06-25
CVE-2025-49550	Adobe Commerce \| Incorrect Authorization (CWE-863) — Adobe Commerce	4.3	Medium	2025-06-25
CVE-2025-49549	Adobe Commerce \| Incorrect Authorization (CWE-863) — Adobe Commerce	2.7	Low	2025-06-25
CVE-2025-52890	Incus vulnerable to antispoofing nftables firewall rule bypass on bridge networks with ACLs — incus	8.1	High	2025-06-25
CVE-2024-3511	Incorrect Authorization in Multiple WSO2 Products Allows Unauthorized Access to Registry Versioned Files — WSO2 Enterprise Integrator	4.3	Medium	2025-06-23
CVE-2025-52487	DNN.PLATFORM possibly allows bypass of IP Filters — Dnn.Platform	8.2^AI	High^AI	2025-06-21
CVE-2025-52918	Yealink YMCS 安全漏洞 — RPS	5.0	Medium	2025-06-21
CVE-2025-3227	Unauthorized channel member management through playbook runs — Mattermost	4.3	Medium	2025-06-20
CVE-2025-3228	Unauthorized Guest user access to Playbook — Mattermost	4.3	Medium	2025-06-20
CVE-2025-5071	AI Engine 2.8.0 - 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP — AI Engine	8.8	High	2025-06-19
CVE-2025-49825	Teleport allows remote authentication bypass — teleport	9.8	Critical	2025-06-17
CVE-2025-3880	Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.9.0 - Incorrect Authorization to Authenticated (Contributor+) Plugin Settings Update — Quiz, Poll & Survey Maker by Opinion Stage	4.3	Medium	2025-06-17
CVE-2025-49586	XWiki allows remote code execution through preview of XClass changes in AWM editor — xwiki-platform	8.8^AI	High^AI	2025-06-13
CVE-2025-6003	WordPress Single Sign-On (SSO) - Multiple Versions - Incorrect Authorization to Sensitive Information Exposure — WordPress Single Sign-On (SSO) - Single Site Standard	5.3	Medium	2025-06-12
CVE-2025-48446	Commerce Alphabank Redirect - Moderately critical - Access bypass - SA-CONTRIB-2025-067 — Commerce Alphabank Redirect	9.4^AI	Critical^AI	2025-06-11
CVE-2025-48445	Commerce Eurobank (Redirect) - Moderately critical - Access bypass - SA-CONTRIB-2025-066 — Commerce Eurobank (Redirect)	9.8^AI	Critical^AI	2025-06-11
CVE-2025-4128	Mattermost Guest User Information Disclosure Vulnerability — Mattermost	3.1	Low	2025-06-11
CVE-2024-8270	macOS Rocket.Chat: TCC Policy Bypass via Dylib Injection Due to Missing Code Signing Flags and Dangerous Entitlements — Rocket.Chat Desktop	5.5	Medium	2025-06-10
CVE-2024-7457	macOS Stash network-management utility: Unauthorized Manipulation of System Network Preferences — Stash	7.8	High	2025-06-10
CVE-2025-36578	Dell Wyse Management Suite WMS 安全漏洞 — Wyse Management Suite	6.8	Medium	2025-06-10
CVE-2025-40568	Siemens多款产品安全漏洞 — RUGGEDCOM RST2428P	4.3	Medium	2025-06-10
CVE-2025-40567	Siemens多款产品安全漏洞 — RUGGEDCOM RST2428P	6.5	Medium	2025-06-10
CVE-2025-40670	Incorrect Authorization vulnerability in TCMAN GIM — GIM	9.8^AI	Critical^AI	2025-06-09
CVE-2025-40669	Incorrect Authorization vulnerability in TCMAN GIM — GIM	8.1^AI	High^AI	2025-06-09
CVE-2025-40668	Incorrect Authorization vulnerability in TCMAN GIM — GIM	8.1^AI	High^AI	2025-06-09
CVE-2025-49599	Huawei多款产品安全漏洞 — EG8141A5	4.1	Medium	2025-06-06
CVE-2025-48935	Deno has --allow-read / --allow-write permission bypass in `node:sqlite` — deno	8.1^AI	High^AI	2025-06-04
CVE-2025-48888	Deno run with --allow-read and --deny-read flags results in allowed — deno	7.1^AI	High^AI	2025-06-04

Vulnerabilities classified as CWE-863 (授权机制不正确) represent 1242 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-863 (授权机制不正确) — Vulnerability Class 1242