CWE-863 (授权机制不正确) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (授权机制不正确). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-9159	Incorrect Authorization in gaizhenbiao/chuanhuchatgpt — gaizhenbiao/chuanhuchatgpt	6.5	-	2025-03-20
CVE-2024-9098	Privilege Escalation in lunary-ai/lunary — lunary-ai/lunary	8.1	-	2025-03-20
CVE-2024-10109	Incorrect Authorization in mintplex-labs/anything-llm — mintplex-labs/anything-llm	7.6	-	2025-03-20
CVE-2024-10275	Improper Role Modification by Admins for Billing Permissions in lunary-ai/lunary — lunary-ai/lunary	8.8	-	2025-03-20
CVE-2024-10273	Improper Privilege Management in lunary-ai/lunary — lunary-ai/lunary	6.1	-	2025-03-20
CVE-2025-26853	DESCOR INFOCAD 安全漏洞 — Infocad FM	10.0	Critical	2025-03-20
CVE-2025-1472	Unauthorized View Access to Site Statistics and Team Statistics — Mattermost	4.3	Medium	2025-03-19
CVE-2025-2202	Broken access control vulnerability in the Innovación y Cualificación local administration plugin ajax.php — ajax.php plugin	7.5	-	2025-03-17
CVE-2025-2201	Broken access control vulnerability in the Innovación y Cualificación IcProgreso plugin — IcProgreso plugin	6.5	-	2025-03-17
CVE-2025-30074	Parallels Desktop 安全漏洞 — Parallels Desktop	7.8	High	2025-03-16
CVE-2025-29997	Improper Access Control Vulnerability in CAP back office application — CAP back office application	8.1	-	2025-03-13
CVE-2024-7296	Incorrect Authorization in GitLab — GitLab	2.7	Low	2025-03-13
CVE-2025-0652	Incorrect Authorization in GitLab — GitLab	4.3	Medium	2025-03-13
CVE-2024-55592	Fortinet FortiSIEM 安全漏洞 — FortiSIEM	3.6	Low	2025-03-11
CVE-2024-45328	Fortinet FortiSandbox 安全漏洞 — FortiSandbox	7.1	High	2025-03-11
CVE-2025-27822	Backdrop CMS 安全漏洞 — Masquerade	7.5	High	2025-03-07
CVE-2025-2045	Incorrect Authorization in GitLab — GitLab	4.3	Medium	2025-03-06
CVE-2025-1540	Incorrect Authorization in GitLab — GitLab	3.1	Low	2025-03-06
CVE-2025-2003	Devolutions Server 安全漏洞 — Server	8.8	-	2025-03-05
CVE-2025-0360	AXIS OS 安全漏洞 — AXIS OS	7.8	High	2025-03-04
CVE-2025-0359	AXIS OS 安全漏洞 — AXIS OS	8.5	High	2025-03-04
CVE-2024-2321	Incorrect Authorization in Multiple WSO2 Products Allows API Access via Refresh Token — WSO2 API Manager	5.6	Medium	2025-02-27
CVE-2025-26532	Teachers can evade trusttext config when restoring glossary entries — moodle	3.1	Low	2025-02-24
CVE-2025-26531	IDOR in badges allows disabling of arbitrary badges — moodle	3.1	Low	2025-02-24
CVE-2025-26526	Feedback response viewing and deletions did not respect Separate Groups mode — moodle	6.5	Medium	2025-02-24
CVE-2025-24526	Channel export permitted on archived channel when viewing archived channels is disabled — Mattermost	4.3	Medium	2025-02-24
CVE-2024-5705	Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization — Pentaho Data Integration & Analytics	8.8	High	2025-02-19
CVE-2025-27089	Overlapping policies allow update to non-allowed fields in directus — directus	5.4	Medium	2025-02-19
CVE-2024-45081	IBM Cognos Controller incorrect authorization — Cognos Controller	6.5	Medium	2025-02-19
CVE-2024-57969	MISP 安全漏洞 — MISP	4.3	Medium	2025-02-14

Vulnerabilities classified as CWE-863 (授权机制不正确) represent 1242 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-863 (授权机制不正确) — Vulnerability Class 1242