CWE-863 (Incorrect Authorization) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (Incorrect Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-29087 | @hono/node-server: Authorization bypass for protected static paths via encoded slashes in Serve Static Middleware — node-server | 7.5 | High | 2026-03-06 |
| CVE-2026-23925 | Unauthorized host creation via configuration.import API by low-privilege user with write permissions — Zabbix | 6.5 | - | 2026-03-06 |
| CVE-2026-28726 | Acronis Cyber Protect security vulnerability — Acronis Cyber Protect 17 | 7.5 | - | 2026-03-05 |
| CVE-2026-28724 | Acronis Cyber Protect security vulnerability — Acronis Cyber Protect 17 | 7.5 | - | 2026-03-05 |
| CVE-2026-28723 | Acronis Cyber Protect security vulnerability — Acronis Cyber Protect 17 | 8.2 | - | 2026-03-05 |
| CVE-2026-28720 | Acronis Cyber Protect security vulnerability — Acronis Cyber Protect 17 | 5.3 | - | 2026-03-05 |
| CVE-2026-28719 | Acronis Cyber Protect security vulnerability — Acronis Cyber Protect 17 | 9.8 | - | 2026-03-05 |
| CVE-2026-28716 | Acronis Cyber Protect security vulnerability — Acronis Cyber Protect 17 | 9.8 | - | 2026-03-05 |
| CVE-2026-28715 | Acronis Cyber Protect security vulnerability — Acronis Cyber Protect 17 | 6.5 | - | 2026-03-05 |
| CVE-2026-28709 | Acronis Cyber Protect security vulnerability — Acronis Cyber Protect 17 | 9.8 | - | 2026-03-05 |
| CVE-2026-28474 | OpenClaw Nextcloud Talk < 2026.2.6 - Allowlist Bypass via actor.name Display Name Spoofing — nextcloud-talk | 9.8 | Critical | 2026-03-05 |
| CVE-2026-28473 | OpenClaw < 2026.2.2 - Authorization Bypass via /approve Chat Command — OpenClaw | 8.1 | High | 2026-03-05 |
| CVE-2026-28466 | OpenClaw < 2026.2.14 - Remote Code Execution via Node Invoke Approval Bypass — OpenClaw | 9.9 | Critical | 2026-03-05 |
| CVE-2026-21621 | Improper Scope Enforcement in OAuth client_credentials Flow Allows Read-Only API Key to Escalate to Full Access — hexpm | 8.8 | - | 2026-03-05 |
| CVE-2026-3009 | Org.keycloak/keycloak-services: improper enforcement of disabled identity provider in identitybrokerservice (authentication bypass) — Red Hat build of Keycloak 26.4 | 8.1 | High | 2026-03-05 |
| CVE-2026-3236 | Octopus Server security vulnerability — Octopus Server | 7.5 | - | 2026-03-05 |
| CVE-2026-26949 | Dell Device Management Agent security vulnerability — Device Management Agent (DDMA) | 5.5 | Medium | 2026-03-04 |
| CVE-2026-3103 | Deletion of passwords via RestApi — Checkmk | 7.1 (AI) | High (AI) | 2026-03-04 |
| CVE-2026-3136 | Google Cloud Build Comment Control Bypass — Cloud Build | 9.8 (AI) | Critical (AI) | 2026-03-03 |
| CVE-2026-2293 | NestJS 11.1.13 - Lack of data validation allowing authentication/authorization bypass — nest.js | 9.8 | - | 2026-02-27 |
| CVE-2025-9572 | Foreman: satellite: graphql api permission bypass leads to information disclosure — Foreman | 5.0 | Medium | 2026-02-27 |
| CVE-2026-25741 | Zulip Vulnerable to Modification of Payment Method (Stripe Default Card) by Non-Billing Users — zulip | 7.1 | High | 2026-02-26 |
| CVE-2026-28227 | Discourse Vulnerable to Unauthorized Topic Creation in Staff-Only Categories via Topic Timer publish_to_category — discourse | 4.3 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27153 | Discourse doesn't prevent moderators from exporting user Chat DMs — discourse | 5.4 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-26973 | Discourse doesn't scope reviewable notes to user-visible reviewables — discourse | 4.3 | Medium | 2026-02-26 |
| CVE-2026-26265 | Discourse has IDOR vulnerability in the directory items endpoint — discourse | 7.5 | High | 2026-02-26 |
| CVE-2026-25963 | Fleet: Authorization Bypass in certificate template batch deletion for team administrators — fleet | 3.8 (AI) | Low (AI) | 2026-02-26 |
| CVE-2026-25127 | OpenEMR has Broken Access Control on Care Coordination Module — openemr | 3.5 | - | 2026-02-25 |
| CVE-2026-1768 | Devolutions Server security vulnerability — Devolutions Server | 7.1 | - | 2026-02-24 |
| CVE-2026-23982 | Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass — Apache Superset | 6.5 | - | 2026-02-24 |

Vulnerabilities classified as CWE-863 (Incorrect Authorization) represent 1242 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.