CWE-863 (Incorrect Authorization) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (Incorrect Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-30236 | OpenProject users that are not project members can be used to calculate Labor Budget, leaking their global hourly rate — openproject | 4.3 | Medium | 2026-03-11 |
| CVE-2026-1524 | Auth misconfiguration when multiple providers enabled — Enterprise Edition | 7.2 (AI) | High (AI) | 2026-03-11 |
| CVE-2025-12555 | Incorrect Authorization in GitLab — GitLab | 4.3 | Medium | 2026-03-11 |
| CVE-2026-1497 | Incorrect privilege assignment in composite databases — Enterprise Edition | 9.8 (AI) | Critical (AI) | 2026-03-11 |
| CVE-2026-31892 | WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode — argo-workflows | 8.8 | - | 2026-03-11 |
| CVE-2026-28229 | Argo Workflows has unauthorized access to Argo Workflows Template — argo-workflows | 9.8 | Critical | 2026-03-11 |
| CVE-2026-32059 | OpenClaw 2026.2.22-2 < 2026.2.23 - Allowlist Bypass via sort Long-Option Abbreviation in tools.exec.safeBins — openclaw | 8.8 | High | 2026-03-11 |
| CVE-2026-21286 | Adobe Commerce \| Incorrect Authorization (CWE-863) — Adobe Commerce | 5.3 | Medium | 2026-03-11 |
| CVE-2026-21297 | Adobe Commerce \| Incorrect Authorization (CWE-863) — Adobe Commerce | 4.3 | Medium | 2026-03-11 |
| CVE-2026-21359 | Adobe Commerce \| Incorrect Authorization (CWE-863) — Adobe Commerce | 4.7 | Medium | 2026-03-11 |
| CVE-2026-21309 | Adobe Commerce \| Incorrect Authorization (CWE-863) — Adobe Commerce | 7.5 | High | 2026-03-11 |
| CVE-2026-21285 | Adobe Commerce \| Incorrect Authorization (CWE-863) — Adobe Commerce | 4.3 | Medium | 2026-03-11 |
| CVE-2026-21289 | Adobe Commerce \| Incorrect Authorization (CWE-863) — Adobe Commerce | 7.5 | High | 2026-03-11 |
| CVE-2026-21296 | Adobe Commerce \| Incorrect Authorization (CWE-863) — Adobe Commerce | 4.3 | Medium | 2026-03-11 |
| CVE-2026-31838 | Istio HTTP debug endpoints on port 15014 to enforce namespace-based authorization, preventing cross-namespace proxy data access. — istio | 7.5 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-31801 | zot create-only policy allows overwrite attempts of existing latest tag (update permission not required) — zot | 7.7 | High | 2026-03-10 |
| CVE-2026-30965 | Parse Server session token exfiltration via `redirectClassNameForKey` query parameter — parse-server | 8.1 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-30947 | Parse Server has a bypass of class-level permissions in LiveQuery — parse-server | 7.5 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-26308 | Envoy has an RBAC Header Validation Bypass via Multi-Value Header Concatenation — envoy | 7.5 | High | 2026-03-10 |
| CVE-2026-29773 | kubewarden-controller cross-namespace data exfiltration via deprecated host callback binding — kubewarden-controller | 4.3 | Medium | 2026-03-09 |
| CVE-2026-28513 | Pocket ID: OIDC authorization code validation uses AND instead of OR, allowing cross-client token exchange — pocket-id | 8.5 | High | 2026-03-09 |
| CVE-2026-30854 | Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled — parse-server | 5.3 | - | 2026-03-07 |
| CVE-2026-29196 | Netmaker: Service User with Network Access Can Access config files with WireGuard Private Keys — netmaker | 6.5 | - | 2026-03-07 |
| CVE-2026-29195 | Netmaker: Privilege Escalation from Admin to Super-Admin via User Update — netmaker | 7.2 | - | 2026-03-07 |
| CVE-2026-29194 | Netmaker: Insufficient Authorization in Host Token Verification — netmaker | 8.8 | - | 2026-03-07 |
| CVE-2026-30820 | Flowise Authorization Bypass via Spoofed x-request-from Header — Flowise | 8.8 | - | 2026-03-07 |
| CVE-2026-30241 | Mercurius: queryDepth limit bypassed for WebSocket subscriptions — mercurius | 7.5 | - | 2026-03-06 |
| CVE-2026-30229 | Parse Server: Endpoint `/loginAs` allows `readOnlyMasterKey` to gain full read and write access as any user — parse-server | 9.8 | - | 2026-03-06 |
| CVE-2026-30228 | Parse Server: File creation and deletion bypasses `readOnlyMasterKey` write restriction — parse-server | 9.1 | - | 2026-03-06 |
| CVE-2026-29182 | Parse Server: Cloud Hooks and Cloud Jobs bypass `readOnlyMasterKey` write restriction — parse-server | 8.1 | - | 2026-03-06 |

Vulnerabilities classified as CWE-863 (Incorrect Authorization) represent 1242 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.