CWE-863 (Incorrect Authorization) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (Incorrect Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-26016 | Apache Superset: Improper authorization validation on dashboards and charts import — Apache Superset | 4.3 | Medium | 2024-02-28 |
| CVE-2024-24779 | Apache Superset: Improper data authorization when creating a new dataset — Apache Superset | 5.0 | Medium | 2024-02-28 |
| CVE-2024-24773 | Apache Superset: Improper validation of SQL statements allows for unauthorized access to data — Apache Superset | 4.9 | Medium | 2024-02-28 |
| CVE-2023-3509 | Incorrect Authorization in GitLab — GitLab | 3.7 | Low | 2024-02-21 |
| CVE-2024-26145 | Uninvited user is able to join and mark the attendance of the private event — discourse-calendar | 6.5 | Medium | 2024-02-21 |
| CVE-2023-46241 | Potential account take over due to unverified emails from Microsoft Identity Platform — discourse-microsoft-auth | 9.1 | Critical | 2024-02-21 |
| CVE-2024-25604 | Liferay Portal and Liferay DXP security vulnerability — Portal | 6.5 | Medium | 2024-02-20 |
| CVE-2024-25149 | Liferay Portal and Liferay DXP security vulnerability — Portal | 5.4 | Medium | 2024-02-20 |
| CVE-2024-1482 | Improper Authorization in GitHub Enterprise Server allowed unauthorized workflow execution — Enterprise Server | 7.1 | High | 2024-02-14 |
| CVE-2024-24966 | F5OS vulnerability — F5OS - Appliance | 6.2 | Medium | 2024-02-14 |
| CVE-2023-6152 | Grafana security vulnerability — Grafana | 5.4 | Medium | 2024-02-13 |
| CVE-2024-24774 | Missing authorization allows users to access arbitrary security levels on Jira through webhooks (Jira Plugin) — Mattermost | 3.4 | Low | 2024-02-09 |
| CVE-2023-43609 | Emerson Rosemount GC370XA, GC700XA, GC1500XA Improper Authorization — Rosemount GC370XA | 6.9 | Medium | 2024-02-09 |
| CVE-2023-51761 | Emerson Rosemount GC370XA, GC700XA, GC1500XA Improper Authentication — Rosemount GC370XA | 8.3 | High | 2024-02-09 |
| CVE-2023-6564 | Incorrect Authorization in GitLab — GitLab | 6.5 | Medium | 2024-02-08 |
| CVE-2024-22208 | phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes — phpMyFAQ | 6.5 | Medium | 2024-02-05 |
| CVE-2023-32967 | QTS, QuTScloud — QuTScloud | 5.0 | Medium | 2024-02-02 |
| CVE-2023-47142 | IBM Tivoli Application Dependency Discovery Manager privilege escalation — Tivoli Application Dependency Discovery Manager | 7.5 | High | 2024-02-02 |
| CVE-2024-24573 | facileManager Privilege Escalation via Mass Assignment — facileManager | 8.8 | High | 2024-01-31 |
| CVE-2024-23653 | BuildKit interactive containers API does not validate entitlements check — buildkit | 9.8 | Critical | 2024-01-31 |
| CVE-2023-49783 | No permission checks for editing/deleting records with CSV import form — silverstripe-admin | 4.3 | Medium | 2024-01-23 |
| CVE-2023-44401 | Silverstripe GraphQL's view permissions are bypassed for paginated lists of ORM data — silverstripe-graphql | 5.3 | Medium | 2024-01-23 |
| CVE-2024-23329 | changedetection.io API endpoint is not secured with API token — changedetection.io | 3.7 | Low | 2024-01-19 |
| CVE-2023-4812 | Incorrect Authorization in GitLab — GitLab | 7.6 | High | 2024-01-12 |
| CVE-2023-5356 | Incorrect Authorization in GitLab — GitLab | 7.3 | High | 2024-01-12 |
| CVE-2024-21736 | Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management) — SAP S/4HANA Finance (Advanced Payment Management) | 6.4 | Medium | 2024-01-09 |
| CVE-2024-21735 | Improper Authorization check in SAP LT Replication Server — SAP LT Replication Server | 7.3 | High | 2024-01-09 |
| CVE-2023-52077 | External apps using tokens issued by administrators and moderators can call admin APIs — nexkey | 8.9 | High | 2023-12-27 |
| CVE-2023-51649 | Nautobot missing object-level permissions enforcement when running Job Buttons — nautobot | 3.5 | Low | 2023-12-22 |
| CVE-2023-51380 | Incorrect Authorization allows Read Access to Issue Comments in GitHub Enterprise Server — Enterprise Server | 2.7 | Low | 2023-12-21 |

Vulnerabilities classified as CWE-863 (Incorrect Authorization) represent 1242 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.