Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-863 (授权机制不正确) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (授权机制不正确). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2024-32470 Tolgee' API keys created by server admin users bypass the permission check — tolgee-platform 6.5 Medium2024-04-18
CVE-2023-25043 WordPress Data Tables Generator by Supsystic Plugin <= 1.10.25 is vulnerable to Broken Access Control — Data Tables Generator 5.0 Medium2024-04-17
CVE-2024-31452 OpenFGA Authorization Bypass — openfga 8.1 High2024-04-16
CVE-2024-1738 Incorrect Authorization in lunary-ai/lunary — lunary-ai/lunary 5.9 -2024-04-16
CVE-2024-31990 Argo CD' API server does not enforce project sourceNamespaces — argo-cd 4.8 Medium2024-04-15
CVE-2024-27309 Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode — Apache Kafka 4.4 -2024-04-12
CVE-2024-1740 Incorrect Authorization in lunary-ai/lunary — lunary-ai/lunary 7.1AIHighAI2024-04-10
CVE-2024-1741 Improper Authorization in lunary-ai/lunary — lunary-ai/lunary 8.8AIHighAI2024-04-10
CVE-2024-29834 Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints — Apache Pulsar 6.4 Medium2024-04-02
CVE-2024-31134 JetBrains TeamCity 安全漏洞 — TeamCity 6.5 Medium2024-03-28
CVE-2024-29892 ZITADEL's actions can overload reserved claims — zitadel 6.1 Medium2024-03-27
CVE-2024-23451 Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model — Elasticsearch 4.4 Medium2024-03-27
CVE-2023-6400 Incorrect user authorization vulnerability on OpenText ZENworks Configuration Management (ZCM) product. — ZENworks Configuration Management (ZCM) 7.4 High2024-03-27
CVE-2024-27105 Frappe File Permissions can by bypassed using certain endpoints — frappe 8.1 High2024-03-20
CVE-2024-22412 ClickHouse's Role-based Access Control is bypassed when query caching is enabled. — ClickHouse 2.4 Low2024-03-18
CVE-2024-1479 WP Show Posts <= 1.1.4 - Information Exposure — WP Show Posts 5.3 Medium2024-03-13
CVE-2024-1452 GenerateBlocks <= 1.8.2 - Sensitive Information Exposure — GenerateBlocks 4.3 Medium2024-03-13
CVE-2024-28098 Apache Pulsar: Improper Authorization For Topic-Level Policy Management — Apache Pulsar 6.4 Medium2024-03-12
CVE-2023-45793 Siemens Siveillance Control 安全漏洞 — Siveillance Control 5.5 Medium2024-03-12
CVE-2024-22133 Improper Access Control in SAP Fiori Front End Server — SAP Fiori Front End Server 4.6 Medium2024-03-12
CVE-2024-28229 JetBrains YouTrack 安全漏洞 — YouTrack 6.5 Medium2024-03-07
CVE-2024-0199 Incorrect Authorization in GitLab — GitLab 7.7 High2024-03-07
CVE-2024-27933 Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass — deno 8.3 High2024-03-06
CVE-2024-27915 Sulu grants access to pages regardless of role permissions — sulu 6.8 Medium2024-03-06
CVE-2024-27288 1Panel open source panel project has an unauthorized vulnerability. — 1Panel 6.3 Medium2024-03-06
CVE-2024-24761 Galette public pages accessibility restriction — galette 7.5 High2024-03-06
CVE-2024-28174 JetBrains TeamCity 安全漏洞 — TeamCity 5.8 Medium2024-03-06
CVE-2024-27138 Apache Archiva: disabling user registration is not effective — Apache Archiva 7.5 -2024-03-01
CVE-2024-27139 Apache Archiva: incorrect authentication potentially leading to account takeover — Apache Archiva 9.1 -2024-03-01
CVE-2023-47716 IBM FileNet Content Manager privilege escalation — Filenet Content Manager 6.3 Medium2024-03-01

Vulnerabilities classified as CWE-863 (授权机制不正确) represent 1242 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.