CWE-863 (授权机制不正确) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (授权机制不正确). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-46834	Alchemy's Modular Account can use executeUserOp to bypass allowlist prevalidation hook — modular-account	9.1^AI	Critical^AI	2025-05-15
CVE-2025-2570	System Admin Cannot Access Environment settings in System Console While System Manager Can — Mattermost	2.7	Low	2025-05-15
CVE-2025-2527	Improper access control to group information — Mattermost	4.3	Medium	2025-05-15
CVE-2025-3446	Members Without Guest Invite Permissions Can Add Guests to Teams — Mattermost	4.3	Medium	2025-05-15
CVE-2025-43565	ColdFusion \| Incorrect Authorization (CWE-863) — ColdFusion	8.4	High	2025-05-13
CVE-2025-43564	ColdFusion \| Incorrect Authorization (CWE-863) — ColdFusion	9.1	Critical	2025-05-13
CVE-2025-43561	ColdFusion \| Incorrect Authorization (CWE-863) — ColdFusion	9.1	Critical	2025-05-13
CVE-2025-4646	A high privilege user is able to create and use a valid admin API token in centreon-web — web	7.2	High	2025-05-13
CVE-2025-27696	Apache Superset: Incorrect authorization leading to resource ownership takeover — Apache Superset	6.5^AI	Medium^AI	2025-05-13
CVE-2025-46744	Improper Privilege Management — SEL Blueframe OS	2.7	Low	2025-05-12
CVE-2025-46265	F5OS vulnerability — F5OS - Appliance	8.8	High	2025-05-07
CVE-2025-36546	F5OS Appliance Mode vulnerability — F5OS - Appliance	8.1	High	2025-05-07
CVE-2025-3272	Incorrect user authorization vulnerability has been identified in Open Text Operations Bridge Manager. — Operations Bridge Manager	6.5^AI	Medium^AI	2025-05-07
CVE-2025-3476	OpenText Operations Bridge Manager 安全漏洞 — Operations Bridge Manager	8.8^AI	High^AI	2025-05-07
CVE-2025-3609	Reales WP STPT <= 2.1.2 - Unauthorized User Registration — Reales WP STPT	5.3	Medium	2025-05-06
CVE-2025-3879	Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login — Vault	6.6	Medium	2025-05-02
CVE-2025-46569	OPA server Data API HTTP path injection of Rego — opa	5.4^AI	Medium^AI	2025-05-01
CVE-2025-23244	NVIDIA GPU Display Driver for Linux 安全漏洞 — GPU Display Driver, vGPU Software, Cloud Gaming	7.8	High	2025-05-01
CVE-2025-32971	XWiki Solr script service doesn't take dropped programming right into account — xwiki-platform	3.8	Low	2025-04-30
CVE-2025-40619	Improper access control vulnerability in Bookgy — Bookgy	9.1^AI	Critical^AI	2025-04-29
CVE-2025-3647	Moodle: idor when accessing the cohorts report	4.3	Medium	2025-04-25
CVE-2025-3645	Moodle: idor in messaging web service allows access to some user details	4.3	Medium	2025-04-25
CVE-2025-3644	Moodle: ajax section delete does not respect course_can_delete_section()	4.3	Medium	2025-04-25
CVE-2025-3861	Prevent Direct Access 2.8.6 - 2.8.8.2 - Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions — Prevent Direct Access – Protect WordPress Files	5.4	Medium	2025-04-25
CVE-2025-46544	Sherpa Orchestrator 安全漏洞 — Orchestrator	6.4	Medium	2025-04-25
CVE-2025-41423	Unauthorized Playbooks Post Deletion in Mattermost Playbooks Plugin — Mattermost	3.1	Low	2025-04-24
CVE-2024-10306	Mod_proxy_cluster: mod_proxy_cluster unauthorized mcmp requests	5.4	Medium	2025-04-23
CVE-2024-12862	REST API allows users without permissions to remove external collaborators — Content Server	4.3	-	2025-04-21
CVE-2025-3838	Improper Authorization in the installer for the EOL OVA based connect component — OVA based Connect	8.8	-	2025-04-21
CVE-2025-43922	FileWave Windows client 安全漏洞 — FileWave	8.1	High	2025-04-21

Vulnerabilities classified as CWE-863 (授权机制不正确) represent 1242 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-863 (授权机制不正确) — Vulnerability Class 1242