
CWE-863 (Incorrect Authorization) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (Incorrect Authorization). AI-generated Chinese-language analysis included.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-32924 | OpenClaw < 2026.3.12 - Authorization Bypass via Misclassified Reaction Events in Feishu | OpenClaw | 9.8 | Critical | 2026-03-29 |
| CVE-2026-32923 | OpenClaw < 2026.3.11 - Authorization Bypass in Discord Guild Reaction Allowlist Enforcement | OpenClaw | 5.4 | Medium | 2026-03-29 |
| CVE-2026-32919 | OpenClaw < 2026.3.11 - Unauthorized Session Reset via agent Slash Commands | OpenClaw | 6.1 | Medium | 2026-03-29 |
| CVE-2026-32918 | OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool | OpenClaw | 8.4 | High | 2026-03-29 |
| CVE-2026-32915 | OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface | OpenClaw | 8.8 | High | 2026-03-29 |
| CVE-2026-32914 | OpenClaw < 2026.3.12 - Insufficient Access Control in /config and /debug Endpoints | OpenClaw | 8.8 | High | 2026-03-29 |
| CVE-2026-33884 | Statamic's live preview token bypasses content protection for unrelated entries | cms | 4.3 | Medium | 2026-03-27 |
| CVE-2026-33869 | Mastodon has a denial of service for quote authorization | mastodon | 4.8 | Medium | 2026-03-27 |
| CVE-2026-34364 | AVideo has User Group-Based Category Access Control Bypass via Missing and Broken Group Filtering in categories.json.php | AVideo | 5.3 | Medium | 2026-03-27 |
| CVE-2026-4933 | Unpublished Node Permissions - Critical - Access bypass - SA-CONTRIB-2026-029 | Unpublished Node Permissions | 7.5 | - | 2026-03-26 |
| CVE-2026-3573 | AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028 | AI (Artificial Intelligence) | 9.1 | - | 2026-03-26 |
| CVE-2026-3526 | File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-021 | File Access Fix (deprecated) | 7.5 (AI) | High (AI) | 2026-03-26 |
| CVE-2026-3525 | File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-020 | File Access Fix (deprecated) | 7.5 (AI) | High (AI) | 2026-03-26 |
| CVE-2026-33477 | FileRise has incorrect authorization in /api/file/snippet.php allows read_own users to read other users' file content | FileRise | 4.3 | Medium | 2026-03-26 |
| CVE-2026-33469 | Authenticated Frigate users can read the full unredacted configuration via `/api/config/raw` | frigate | 6.5 | Medium | 2026-03-26 |
| CVE-2026-33015 | EVerest has RemoteStop Bypass via BCB Toggle Session Restart | everest-core | 5.2 | Medium | 2026-03-26 |
| CVE-2026-33014 | EVerest has Delayed Authorization Response Bypasses Termination After RemoteStop | everest-core | 5.2 | Medium | 2026-03-26 |
| CVE-2026-29044 | EVerest: Charging Continues When WithdrawAuthorization Is Processed Before TransactionStarted | everest-core | 5.0 | Medium | 2026-03-26 |
| CVE-2026-3115 | Guest users can view group member IDs without respecting view restrictions | Mattermost | 4.3 | Medium | 2026-03-26 |
| CVE-2026-33343 | etcd: Nested etcd transactions bypass RBAC authorization checks | etcd | - | - | 2026-03-26 |
| CVE-2026-4274 | Insufficient authorization in shared channel membership sync grants team-level access instead of channel-level access | Mattermost | 5.4 | Medium | 2026-03-26 |
| CVE-2026-4263 | Incorrect authorization in HiJiffy Chatbot | HiJiffy Chatbot | 7.5 | - | 2026-03-26 |
| CVE-2026-4262 | Incorrect authorization in HiJiffy Chatbot | HiJiffy Chatbot | 7.5 | - | 2026-03-26 |
| CVE-2026-33249 | NATS: Message tracing can be redirected to arbitrary subject | nats-server | 4.3 | Medium | 2026-03-25 |
| CVE-2026-33217 | NATS allows MQTT clients to bypass ACL checks | nats-server | 7.1 | High | 2026-03-25 |
| CVE-2026-33722 | n8n Has External Secrets Authorization Bypass in Credential Saving | n8n | 5.3 | - | 2026-03-25 |
| CVE-2026-33720 | n8n Has Authorization Bypass in OAuth Callback via N8N_SKIP_AUTH_ON_OAUTH_CALLBACK | n8n | 5.4 | - | 2026-03-25 |
| CVE-2026-2726 | Incorrect Authorization in GitLab | GitLab | 4.3 | Medium | 2026-03-25 |
| CVE-2026-3210 | Material Icons - Moderately critical - Access bypass - SA-CONTRIB-2026-011 | Material Icons | 7.5 | - | 2026-03-25 |
| CVE-2026-4363 | Incorrect Authorization in GitLab | GitLab | 3.7 | Low | 2026-03-25 |

Vulnerabilities classified as CWE-863 (Incorrect Authorization) account for 1242 CVEs. The CWE entry describes the weakness class only; review each individual CVE for its product-specific impact.