
CWE-863 (Incorrect Authorization) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (Incorrect Authorization). AI Chinese analysis included.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-32021 | OpenClaw < 2026.2.22 - Authorization Bypass via Display Name Collision in Feishu allowFrom | OpenClaw | 6.5 | Medium | 2026-03-19 |
| CVE-2026-32005 | OpenClaw < 2026.2.25 - Authorization Bypass in Interactive Callbacks via Sender Check Skip | OpenClaw | 6.8 | Medium | 2026-03-19 |
| CVE-2026-32006 | OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Fallback in Group Allowlist | OpenClaw | 3.1 | Low | 2026-03-19 |
| CVE-2026-32001 | OpenClaw < 2026.2.22 - Node Role Device-Identity Bypass via WebSocket Authentication | OpenClaw | 5.4 | Medium | 2026-03-19 |
| CVE-2026-33410 | Discourse hardens chat DM channel creation and expansion | discourse | 5.4 | Medium | 2026-03-19 |
| CVE-2026-28282 | Discourse vulnerable to group membership addition permission bypass via discourse-policy plugin | discourse | 6.5 | - | 2026-03-19 |
| CVE-2026-27936 | Discourse discloses restricted post-action counts to non-privileged users | discourse | 4.3 | - | 2026-03-19 |
| CVE-2026-33302 | OpenEMR: zhAclCheck Ignores Explicit ACL Denies | openemr | 7.6 | - | 2026-03-19 |
| CVE-2026-31998 | OpenClaw 2026.2.22 < 2026.2.24 - Authorization Bypass in Synology Chat Plugin via Empty allowedUserIds | OpenClaw | 8.6 | High | 2026-03-19 |
| CVE-2026-31991 | OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Leakage in Signal Group Allowlist | OpenClaw | 3.7 | Low | 2026-03-19 |
| CVE-2026-32693 | Unauthorized access to Kubernetes secrets in Juju | Juju | 8.8 | High | 2026-03-18 |
| CVE-2026-22170 | OpenClaw < 2026.2.22 BlueBubbles - Access Control Bypass via Empty allowFrom Configuration | OpenClaw | 6.5 | Medium | 2026-03-18 |
| CVE-2026-26230 | Team Admin Privilege Escalation to Demote Members to Guest | Mattermost | 3.8 | Low | 2026-03-16 |
| CVE-2026-26304 | Permission Bypass in Playbook Run Creation | Mattermost | 4.3 | Medium | 2026-03-16 |
| CVE-2026-32267 | Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken() | cms | 8.8 (AI) | High (AI) | 2026-03-16 |
| CVE-2025-69196 | FastMCP OAuth Proxy token reuse across MCP servers | fastmcp | 5.3 (AI) | Medium (AI) | 2026-03-16 |
| CVE-2026-24692 | Guest users can bypass read permissions via search API | Mattermost | 4.3 | Medium | 2026-03-16 |
| CVE-2026-22545 | Password Change Bypass via Auth Switch Endpoint | Mattermost | 3.1 | Low | 2026-03-16 |
| CVE-2026-4265 | Guest user can upload files without permission across teams | Mattermost | 4.3 | Medium | 2026-03-16 |
| CVE-2026-2462 | Admin RCE via Malicious Plugin Upload on CI Test Instances | Mattermost | 6.6 | Medium | 2026-03-16 |
| CVE-2026-32717 | AnythingLLM access control bypass: suspended users can continue using Browser Extension API keys | anything-llm | 2.7 | Low | 2026-03-13 |
| CVE-2026-32715 | AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences | anything-llm | 3.8 | Low | 2026-03-13 |
| CVE-2026-30943 | Gokapi has Privilege Escalation in File Replace | Gokapi | 4.1 | Medium | 2026-03-13 |
| CVE-2026-32245 | Tinyauth's OIDC authorization codes are not bound to client on token exchange | tinyauth | 6.5 | Medium | 2026-03-12 |
| CVE-2026-32123 | OpenEMR: Therapy Group Sensitivity ACL No Longer Enforced | openemr | 7.7 | High | 2026-03-11 |
| CVE-2026-32108 | Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access | copyparty | 7.5 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-32101 | StudioCMS S3 Storage Manager Authorization Bypass via Missing `await` on Async Auth Check | s3-storage | 7.6 | High | 2026-03-11 |
| CVE-2026-31887 | Shopware unauthenticated data extraction possible through store-api.order endpoint | core | 9.1 (AI) | Critical (AI) | 2026-03-11 |
| CVE-2026-1471 | Caching of authentication context | Enterprise edition | 6.5 (AI) | Medium (AI) | 2026-03-11 |
| CVE-2026-30239 | OpenProject has a Permission Check bypass on Budget deletion allows reassignment of WorkPackages into other budgets | openproject | 6.5 | Medium | 2026-03-11 |

(AI) marks entries carrying the page's AI badge on their CVSS score and severity; "-" means no severity was listed.

Vulnerabilities classified as CWE-863 (Incorrect Authorization) represent 1242 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.