CWE-863 (Incorrect Authorization) — Vulnerability Class 1241

1241 vulnerabilities classified as CWE-863 (Incorrect Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40515 | OpenHarness Permission Bypass via grep and glob root argument — OpenHarness | 7.5 | High | 2026-04-17 |
| CVE-2026-24749 | Silverstripe Assets Module has a DBFile::getURL() permission bypass — silverstripe-assets | 5.3 | Medium | 2026-04-16 |
| CVE-2026-33888 | ApostropheCMS: publicApiProjection Bypass via `project` Query Builder in Piece-Type REST API — apostrophe | 5.3 | Medium | 2026-04-15 |
| CVE-2026-6383 | Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation — Red Hat OpenShift Virtualization 4 | 5.4 | Medium | 2026-04-15 |
| CVE-2026-4857 | SailPoint IdentityIQ Debug UI Incorrect Authorization — IdentityIQ | 8.4 | High | 2026-04-15 |
| CVE-2026-6290 | Velociraptor Query() Plugin Misapplies Permissions To Orgs — Velociraptor | 8.0 | High | 2026-04-15 |
| CVE-2025-40897 | Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0 — Guardian | 8.1 | High | 2026-04-15 |
| CVE-2026-24069 | Improper Enforcement of Disabled Accounts in WebUI SSO in Kiuwan SAST — SAST | 8.8 | - | 2026-04-14 |
| CVE-2026-40191 | ClearanceKit has a policy bypass via dual-path Endpoint Security events checking only source path — clearancekit | 7.8 | - | 2026-04-10 |
| CVE-2026-35657 | OpenClaw < 2026.3.25 - Authorization Bypass in HTTP Session History Route — OpenClaw | 6.5 | Medium | 2026-04-10 |
| CVE-2026-35653 | OpenClaw < 2026.3.24 - Incorrect Authorization in POST /reset-profile via browser.request — OpenClaw | 8.1 | High | 2026-04-10 |
| CVE-2026-35619 | OpenClaw < 2026.3.24 - Authorization Bypass via HTTP /v1/models Endpoint — OpenClaw | 4.3 | Medium | 2026-04-10 |
| CVE-2026-35596 | Vikunja has Broken Access Control on Label Read via SQL Operator Precedence Bug — vikunja | 4.3 | Medium | 2026-04-10 |
| CVE-2026-40224 | systemd security vulnerability — systemd | 6.7 | Medium | 2026-04-10 |
| CVE-2026-2712 | WP-Optimize <= 4.5.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update and Image Manipulation — WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance | 5.4 | Medium | 2026-04-10 |
| CVE-2026-33551 | OpenStack Keystone security vulnerability — Keystone | 3.5 | Low | 2026-04-10 |
| CVE-2026-34512 | OpenClaw < 2026.3.25 - Improper Access Control in /sessions/:sessionKey/kill Endpoint — OpenClaw | 8.1 | High | 2026-04-09 |
| CVE-2026-40071 | pyLoad WebUI JSON permission mismatch lets ADD/DELETE users invoke MODIFY-only actions — pyload | 5.4 | Medium | 2026-04-09 |
| CVE-2026-39957 | Lychee has Broken Access Control in SharingController::listAll() leaks private album sharing metadata to unauthorized users — Lychee | 6.5 (AI) | Medium (AI) | 2026-04-09 |
| CVE-2026-1752 | Incorrect Authorization in GitLab — GitLab | 4.3 | Medium | 2026-04-08 |
| CVE-2026-2619 | Incorrect Authorization in GitLab — GitLab | 4.3 | Medium | 2026-04-08 |
| CVE-2026-33460 | Incorrect Authorization in Kibana Fleet Leading to Information Disclosure — Kibana | 4.3 | Medium | 2026-04-08 |
| CVE-2026-33461 | Incorrect Authorization in Kibana Fleet Leading to Information Disclosure — Kibana | 7.7 | High | 2026-04-08 |
| CVE-2026-39381 | Parse Server's Endpoint `/sessions/me` bypasses `_Session` `protectedFields` — parse-server | 6.5 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-22682 | OpenHarness Improper Access Control via File Tools — OpenHarness | 7.1 | High | 2026-04-07 |
| CVE-2026-35604 | File Browser share links remain accessible after Share/Download permissions are revoked — filebrowser | 4.3 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-35586 | Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng — pyload | 6.8 | Medium | 2026-04-07 |
| CVE-2026-35491 | Pi-hole FTL: CLI API sessions can import Teleporter archives and modify configuration — FTL | 6.1 | Medium | 2026-04-07 |
| CVE-2026-35490 | changedetection.io has an Authentication Bypass via Decorator Ordering — changedetection.io | 9.8 | Critical | 2026-04-07 |
| CVE-2026-5384 | runZero Platform incorrect credential scope — Platform | 5.8 | Medium | 2026-04-07 |

Vulnerabilities classified as CWE-863 (Incorrect Authorization) represent 1241 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.