CWE-863 (Incorrect Authorization) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (Incorrect Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-32408 | Soffid Console security vulnerability — IAM | 2.5 | Low | 2025-04-21 |
| CVE-2025-43921 | GNU Mailman security vulnerability — Mailman | 5.3 | Medium | 2025-04-20 |
| CVE-2025-43917 | Pritunl Client security vulnerability — Pritunl-Client | 8.2 | High | 2025-04-19 |
| CVE-2024-49808 | IBM Sterling Connect:Direct Web Services improper authorization — Sterling Connect:Direct Web Services | 6.3 | Medium | 2025-04-18 |
| CVE-2025-3453 | Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products <= 2.7.7 - Unauthenticated Sensitive Information Exposure — Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content | 5.3 | Medium | 2025-04-17 |
| CVE-2025-2564 | Unauthorized View Access to Archived Channel Member Info — Mattermost | 4.3 | Medium | 2025-04-16 |
| CVE-2025-27571 | Channel metadata visible in archived channels despite configuration setting — Mattermost | 4.3 | Medium | 2025-04-16 |
| CVE-2025-24839 | Unauthorized AI bot activation via Wrangler plugin — Mattermost | 3.1 | Low | 2025-04-16 |
| CVE-2025-2424 | Leaked Metadata of Deleted Files via Bookmark Creation — Mattermost | 3.1 | Low | 2025-04-14 |
| CVE-2025-32093 | System admin profile modification by delegated granular administration role — Mattermost | 4.7 | Medium | 2025-04-14 |
| CVE-2025-32068 | Revoking authorization of OAuth2 consumer does not invalidate refresh tokens — Mediawiki - OAuth Extension | 9.8 (AI) | Critical (AI) | 2025-04-11 |
| CVE-2025-24866 | Unauthorized Access to User Activity Logs API by delegated granular administration roles — Mattermost | 2.7 | Low | 2025-04-10 |
| CVE-2025-26330 | Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 7.0 | High | 2025-04-10 |
| CVE-2025-27188 | Adobe Commerce \| Incorrect Authorization (CWE-863) — Adobe Commerce | 4.3 | Medium | 2025-04-08 |
| CVE-2025-31331 | Authorization Bypass vulnerability in SAP NetWeaver — SAP NetWeaver | 4.3 | Medium | 2025-04-08 |
| CVE-2025-31481 | GraphQL query operations security can be bypassed — core | 7.5 | High | 2025-04-03 |
| CVE-2025-27427 | Apache ActiveMQ Artemis: Address routing-type can be updated by user without the createAddress permission — Apache ActiveMQ Artemis | 6.5 | - | 2025-04-01 |
| CVE-2025-31673 | Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002 — Drupal core | 6.5 | - | 2025-03-31 |
| CVE-2025-30155 | Tuleap does not enforce read permissions on parent trackers in the REST API — tuleap | 4.3 | Medium | 2025-03-31 |
| CVE-2025-30209 | Tuleap has improper permission handling in the REST endpoints and release notes display of the FRS plugin — tuleap | 5.3 | Medium | 2025-03-31 |
| CVE-2025-2242 | Incorrect Authorization in GitLab — GitLab | 7.5 | High | 2025-03-27 |
| CVE-2025-30741 | Pixelfed security vulnerability — Pixelfed | 4.3 | Medium | 2025-03-25 |
| CVE-2025-30163 | Node based network policies may incorrectly allow workload traffic — cilium | 3.4 | Low | 2025-03-24 |
| CVE-2025-30162 | East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers — cilium | 3.2 | Low | 2025-03-24 |
| CVE-2025-24920 | Unauthorized Bookmark Creation and Modification in Archived Channels — Mattermost | 4.3 | Medium | 2025-03-21 |
| CVE-2025-30179 | MFA Enforcement Bypass in Search APIs — Mattermost | 4.3 | Medium | 2025-03-21 |
| CVE-2025-25274 | Unauthorized Command Execution in Archived Channels — Mattermost | 4.3 | Medium | 2025-03-21 |
| CVE-2025-27933 | Unauthorized Private-to-Public Channel Conversion — Mattermost | 5.4 | Medium | 2025-03-21 |
| CVE-2025-27715 | Auto-Enrollment of Team Admins into Private Channels without explicit consent — Mattermost | 3.3 | Low | 2025-03-21 |
| CVE-2024-7039 | Improper Privilege Management in open-webui/open-webui — open-webui/open-webui | 6.5 | - | 2025-03-20 |

Vulnerabilities classified as CWE-863 (Incorrect Authorization) represent 1242 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.