CWE-863 (Incorrect Authorization) — Vulnerability Class 1255

1255 vulnerabilities classified as CWE-863 (Incorrect Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-48373 | Schule Has Client-Side Role-Based Access Control (RBAC) Bypass Vulnerability — Schule | 7.6 (AI) | High (AI) | 2025-05-22 |
| CVE-2024-6914 | Incorrect Authorization in Multiple WSO2 Products via Account Recovery SOAP Admin Service Leading to Account Takeover — WSO2 API Manager | 8.8 | High | 2025-05-22 |
| CVE-2024-13947 | External System or Configuration Control — ASPECT-Enterprise | 6.0 | Medium | 2025-05-22 |
| CVE-2025-30171 | Admin Authorized System File Deletion — ASPECT-Enterprise | 9.0 | Critical | 2025-05-22 |
| CVE-2025-20257 | Cisco Secure Network Analytics API Authorization Vulnerability — Cisco Secure Network Analytics | 6.5 | Medium | 2025-05-21 |
| CVE-2025-1418 | Information disclosure in Proget MDM — Proget | 4.3 (AI) | Medium (AI) | 2025-05-21 |
| CVE-2025-1417 | Information disclosure in Proget MDM — Proget | 5.3 (AI) | Medium (AI) | 2025-05-21 |
| CVE-2025-1416 | Password disclosure in Proget MDM — Proget | 7.5 (AI) | High (AI) | 2025-05-21 |
| CVE-2025-1415 | Information disclosure in Proget MDM — Proget | 5.3 (AI) | Medium (AI) | 2025-05-21 |
| CVE-2025-47937 | TYPO3 Vulnerable to Information Disclosure via DBAL Restriction Handling — typo3 | 3.7 | Low | 2025-05-20 |
| CVE-2025-4101 | MultiVendorX – WooCommerce Multivendor Marketplace Solutions <= 4.2.22 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Post Deletion — MultiVendorX – WooCommerce Multivendor Marketplace Solutions | 4.3 | Medium | 2025-05-17 |
| CVE-2025-47930 | Zulip Server has access control bypass for restrictions on creation of specific channel types — zulip | 6.5 (AI) | Medium (AI) | 2025-05-15 |
| CVE-2025-46834 | Alchemy's Modular Account can use executeUserOp to bypass allowlist prevalidation hook — modular-account | 9.1 (AI) | Critical (AI) | 2025-05-15 |
| CVE-2025-2570 | System Admin Cannot Access Environment settings in System Console While System Manager Can — Mattermost | 2.7 | Low | 2025-05-15 |
| CVE-2025-2527 | Improper access control to group information — Mattermost | 4.3 | Medium | 2025-05-15 |
| CVE-2025-3446 | Members Without Guest Invite Permissions Can Add Guests to Teams — Mattermost | 4.3 | Medium | 2025-05-15 |
| CVE-2025-43565 | ColdFusion \| Incorrect Authorization (CWE-863) — ColdFusion | 8.4 | High | 2025-05-13 |
| CVE-2025-43564 | ColdFusion \| Incorrect Authorization (CWE-863) — ColdFusion | 9.1 | Critical | 2025-05-13 |
| CVE-2025-43561 | ColdFusion \| Incorrect Authorization (CWE-863) — ColdFusion | 9.1 | Critical | 2025-05-13 |
| CVE-2025-4646 | A high privilege user is able to create and use a valid admin API token in centreon-web — web | 7.2 | High | 2025-05-13 |
| CVE-2025-27696 | Apache Superset: Incorrect authorization leading to resource ownership takeover — Apache Superset | 6.5 (AI) | Medium (AI) | 2025-05-13 |
| CVE-2025-46744 | Improper Privilege Management — SEL Blueframe OS | 2.7 | Low | 2025-05-12 |
| CVE-2025-46265 | F5OS vulnerability — F5OS - Appliance | 8.8 | High | 2025-05-07 |
| CVE-2025-36546 | F5OS Appliance Mode vulnerability — F5OS - Appliance | 8.1 | High | 2025-05-07 |
| CVE-2025-3272 | Incorrect user authorization vulnerability has been identified in Open Text Operations Bridge Manager. — Operations Bridge Manager | 6.5 (AI) | Medium (AI) | 2025-05-07 |
| CVE-2025-3476 | OpenText Operations Bridge Manager security vulnerability — Operations Bridge Manager | 8.8 (AI) | High (AI) | 2025-05-07 |
| CVE-2025-3609 | Reales WP STPT <= 2.1.2 - Unauthorized User Registration — Reales WP STPT | 5.3 | Medium | 2025-05-06 |
| CVE-2025-3879 | Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login — Vault | 6.6 | Medium | 2025-05-02 |
| CVE-2025-46569 | OPA server Data API HTTP path injection of Rego — opa | 5.4 (AI) | Medium (AI) | 2025-05-01 |
| CVE-2025-23244 | NVIDIA GPU Display Driver for Linux security vulnerability — GPU Display Driver, vGPU Software, Cloud Gaming | 7.8 | High | 2025-05-01 |

Vulnerabilities classified as CWE-863 (Incorrect Authorization) represent 1255 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.