CWE-863 (Incorrect Authorization) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (Incorrect Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-23984 | Apache Superset: SQLLab Read-Only Bypass on PostgreSQL — Apache Superset | 8.1 | - | 2026-02-24 |
| CVE-2026-27112 | Kargo has an Authorization Bypass Vulnerability in Batch Resource Creation API Endpoints — kargo | 8.2 (AI) | High (AI) | 2026-02-20 |
| CVE-2026-26963 | Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled — cilium | 6.1 | Medium | 2026-02-19 |
| CVE-2026-26316 | OpenClaw has BlueBubbles webhook auth bypass via loopback proxy trust — openclaw | 7.5 | High | 2026-02-19 |
| CVE-2026-26205 | opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path` — opa-envoy-plugin | 7.5 (AI) | High (AI) | 2026-02-19 |
| CVE-2026-26336 | Hyland Alfresco Improper Authorization Arbitrary File Read — Alfresco Enterprise | 7.5 | High | 2026-02-19 |
| CVE-2026-25232 | Gogs has a Protected Branch Deletion Bypass in Web Interface — gogs | 8.8 | - | 2026-02-19 |
| CVE-2025-4960 | macOS Local Privilege Escalation via Improper Authorization Handling in EPSON Printer Controller Installer — EPSON Printer Controller Installer | 7.8 | High | 2026-02-19 |
| CVE-2026-1999 | Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized merging of pull requests — Enterprise Server | 7.5 | - | 2026-02-18 |
| CVE-2026-2386 | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Incorrect Authorization to Authenticated (Author+) Arbitrary Draft Post Creation via 'post_type' — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | 4.3 | Medium | 2026-02-18 |
| CVE-2026-2126 | User Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter — User Submitted Posts – Enable Users to Submit Posts from the Front End | 5.3 | Medium | 2026-02-18 |
| CVE-2026-0997 | Mattermost Zoom Plugin channel preference API lacks authorization checks — Mattermost | 4.3 | Medium | 2026-02-16 |
| CVE-2026-22892 | Insufficient Authorization in Mattermost Jira Plugin Allows Unauthorized Access to Post Attachments — Mattermost | 4.3 | Medium | 2026-02-13 |
| CVE-2026-25767 | LavinMQ has incomplete shovel configuration validation — lavinmq | 5.5 (AI) | Medium (AI) | 2026-02-12 |
| CVE-2026-26031 | Frappe LMS affected by unauthorised user was able to access the full list of batch enrolled students — lms | 5.3 (AI) | Medium (AI) | 2026-02-11 |
| CVE-2026-26012 | vaultwarden has Full Cipher Enumeration Ignoring Organization Collection Permissions — vaultwarden | 6.5 | Medium | 2026-02-11 |
| CVE-2026-25924 | Kanboard is Missing Access Control on Plugin Installation leading to Administrative RCE — kanboard | 8.5 | High | 2026-02-11 |
| CVE-2026-25875 | PlaciPy Admin Privilege Escalation via Trusted JWT Claims — assessment-placipy | 6.5 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2026-25811 | PlaciPy Email Domain Trust Enables Cross-Tenant Data Access (Multi-Tenant Isolation Failure) — assessment-placipy | 4.3 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2026-25859 | WeKan < 8.20 Migration Functionality Insufficient Permission Checks — WeKan | 7.1 (AI) | High (AI) | 2026-02-07 |
| CVE-2026-25568 | WeKan < 8.19 allowPrivateOnly Setting Enforcement Bypass — WeKan | 6.5 (AI) | Medium (AI) | 2026-02-07 |
| CVE-2026-25566 | WeKan < 8.19 Cross-board Card Move Without Destination Authorization — WeKan | 3.3 (AI) | Low (AI) | 2026-02-07 |
| CVE-2026-25565 | WeKan < 8.19 Read-only Board Roles Can Update Cards — WeKan | 4.3 (AI) | Medium (AI) | 2026-02-07 |
| CVE-2026-25561 | WeKan < 8.19 Attachment Upload Object Relationship Validation Bypass — WeKan | 7.5 (AI) | High (AI) | 2026-02-07 |
| CVE-2026-25729 | DeepAudit Affected by User Enumeration via Broken Access Control — DeepAudit | 4.3 (AI) | Medium (AI) | 2026-02-06 |
| CVE-2026-23989 | REVA Public Link Exploit — reva | 8.2 | High | 2026-02-06 |
| CVE-2026-24851 | OpenFGA Improper Policy Enforcement — openfga | 9.8 (AI) | Critical (AI) | 2026-02-06 |
| CVE-2025-15342 | Tanium addressed an improper access controls vulnerability in Reputation. — Reputation | 4.3 | Medium | 2026-02-05 |
| CVE-2026-23572 | Improper Access Control in TeamViewer clients — Remote | 7.2 | High | 2026-02-05 |
| CVE-2026-1553 | Drupal Canvas - Moderately critical - Access bypass - SA-CONTRIB-2026-006 — Drupal Canvas | 7.5 (AI) | High (AI) | 2026-02-04 |

Vulnerabilities classified as CWE-863 (Incorrect Authorization) represent 1242 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.