Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-863 (授权机制不正确) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (授权机制不正确). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2024-34106 Insecure Direct Object Reference - An attacker can able to erase the victim quote details — Adobe Commerce 5.3 Medium2024-06-13
CVE-2024-37300 Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0 — oauthenticator 8.1 High2024-06-12
CVE-2024-36265 Apache Submarine Server Core: authorization bypass — Apache Submarine Server Core 7.5AIHighAI2024-06-12
CVE-2024-2698 Freeipa: delegation rules allow a proxy service to impersonate any user to access another target service 8.8 High2024-06-12
CVE-2024-0160 Dell Client Platform 安全漏洞 — CPG BIOS 6.8 Medium2024-06-12
CVE-2024-2473 WPS Hide Login <= 1.9.15.2 - Login Page Disclosure — WPS Hide Login 5.3 Medium2024-06-11
CVE-2024-4146 Incorrect Authorization in lunary-ai/lunary — lunary-ai/lunary 9.8 Critical2024-06-08
CVE-2024-3404 Improper Access Control in gaizhenbiao/chuanhuchatgpt — gaizhenbiao/chuanhuchatgpt 4.3AIMediumAI2024-06-06
CVE-2024-3504 Improper Access Control in lunary-ai/lunary — lunary-ai/lunary 4.9AIMediumAI2024-06-06
CVE-2024-3033 Improper Authorization in mintplex-labs/anything-llm — mintplex-labs/anything-llm 8.2AIHighAI2024-06-06
CVE-2024-32983 Misskey allows the impersonation and takeover of remote accounts with unnormalized signed activities — misskey 8.2 High2024-06-03
CVE-2024-36377 JetBrains TeamCity 安全漏洞 — TeamCity 6.5 Medium2024-05-29
CVE-2024-36376 JetBrains TeamCity 安全漏洞 — TeamCity 6.5 Medium2024-05-29
CVE-2024-36365 JetBrains TeamCity 安全漏洞 — TeamCity 6.8 Medium2024-05-29
CVE-2024-36364 JetBrains TeamCity 安全漏洞 — TeamCity 6.5 Medium2024-05-29
CVE-2024-36037 Insufficient Access Control Vulnerability — ADAudit Plus 5.5 Medium2024-05-27
CVE-2024-27312 Authorization vulnerability in PAM360 — PAM360 8.1 High2024-05-20
CVE-2024-3745 MSI Afterburner v4.6.6.16381 Beta 3 - ACL Bypass — MSI Afterburner 7.8 High2024-05-18
CVE-2024-34434 WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.2 - Arbitrary Shortcode Execution vulnerability — WordPress Meta Data and Taxonomies Filter (MDTF) 6.5 Medium2024-05-17
CVE-2024-35187 Stalwart Mail Server has privilege escalation by design — mail-server 9.1 Critical2024-05-16
CVE-2024-31409 CyberPower PowerPanel business Incorrect Authorization — PowerPanel business 6.5 Medium2024-05-15
CVE-2024-34701 CreateWiki vulnerable to impersonation of wiki requester — CreateWiki 5.9 Medium2024-05-13
CVE-2024-31441 Arbitrary File Reading in DataEase — dataease 7.5 High2024-05-10
CVE-2024-3722 Swift Performance Lite <= 2.3.6.18 - Incorrect Authorization to Authenticated (Subscriber+) Settings Modification — Swift Performance Lite 5.4 Medium2024-05-09
CVE-2024-34346 Deno contains a permission escalation via open of privileged files with missing `--deny` flag — deno 8.5 High2024-05-07
CVE-2024-28148 Apache Superset: Incorrect datasource authorization on explore REST API — Apache Superset 4.3 Medium2024-05-07
CVE-2023-42124 Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability — Premium Security 7.8 -2024-05-03
CVE-2024-2378 Hitachi Energy SDM600 安全漏洞 — SDM600 8.0 High2024-04-30
CVE-2023-50363 QTS, QuTS hero — QTS 7.4 High2024-04-26
CVE-2024-4006 Incorrect Authorization in GitLab — GitLab 4.3 Medium2024-04-25

Vulnerabilities classified as CWE-863 (授权机制不正确) represent 1242 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.