
CWE-863 (Incorrect Authorization) — Vulnerability Class 1255

1255 vulnerabilities classified as CWE-863 (Incorrect Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-32971 | XWiki Solr script service doesn't take dropped programming right into account — xwiki-platform | 3.8 | Low | 2025-04-30 |
| CVE-2025-40619 | Improper access control vulnerability in Bookgy — Bookgy | 9.1 (AI) | Critical (AI) | 2025-04-29 |
| CVE-2025-3647 | Moodle: idor when accessing the cohorts report | 4.3 | Medium | 2025-04-25 |
| CVE-2025-3645 | Moodle: idor in messaging web service allows access to some user details | 4.3 | Medium | 2025-04-25 |
| CVE-2025-3644 | Moodle: ajax section delete does not respect course_can_delete_section() | 4.3 | Medium | 2025-04-25 |
| CVE-2025-3861 | Prevent Direct Access 2.8.6 - 2.8.8.2 - Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions — Prevent Direct Access – Protect WordPress Files | 5.4 | Medium | 2025-04-25 |
| CVE-2025-46544 | Sherpa Orchestrator security vulnerability — Orchestrator | 6.4 | Medium | 2025-04-25 |
| CVE-2025-41423 | Unauthorized Playbooks Post Deletion in Mattermost Playbooks Plugin — Mattermost | 3.1 | Low | 2025-04-24 |
| CVE-2024-10306 | Mod_proxy_cluster: mod_proxy_cluster unauthorized mcmp requests | 5.4 | Medium | 2025-04-23 |
| CVE-2024-12862 | REST API allows users without permissions to remove external collaborators — Content Server | 4.3 | - | 2025-04-21 |
| CVE-2025-3838 | Improper Authorization in the installer for the EOL OVA based connect component — OVA based Connect | 8.8 | - | 2025-04-21 |
| CVE-2025-43922 | FileWave Windows client security vulnerability — FileWave | 8.1 | High | 2025-04-21 |
| CVE-2025-32408 | Soffid Console security vulnerability — IAM | 2.5 | Low | 2025-04-21 |
| CVE-2025-43921 | GNU Mailman security vulnerability — Mailman | 5.3 | Medium | 2025-04-20 |
| CVE-2025-43917 | Pritunl Client security vulnerability — Pritunl-Client | 8.2 | High | 2025-04-19 |
| CVE-2024-49808 | IBM Sterling Connect:Direct Web Services improper authorization — Sterling Connect:Direct Web Services | 6.3 | Medium | 2025-04-18 |
| CVE-2025-3453 | Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products <= 2.7.7 - Unauthenticated Sensitive Information Exposure — Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content | 5.3 | Medium | 2025-04-17 |
| CVE-2025-2564 | Unauthorized View Access to Archived Channel Member Info — Mattermost | 4.3 | Medium | 2025-04-16 |
| CVE-2025-27571 | Channel metadata visible in archived channels despite configuration setting — Mattermost | 4.3 | Medium | 2025-04-16 |
| CVE-2025-24839 | Unauthorized AI bot activation via Wrangler plugin — Mattermost | 3.1 | Low | 2025-04-16 |
| CVE-2025-2424 | Leaked Metadata of Deleted Files via Bookmark Creation — Mattermost | 3.1 | Low | 2025-04-14 |
| CVE-2025-32093 | System admin profile modification by delegated granular administration role — Mattermost | 4.7 | Medium | 2025-04-14 |
| CVE-2025-32068 | Revoking authorization of OAuth2 consumer does not invalidate refresh tokens — Mediawiki - OAuth Extension | 9.8 (AI) | Critical (AI) | 2025-04-11 |
| CVE-2025-24866 | Unauthorized Access to User Activity Logs API by delegated granular administration roles — Mattermost | 2.7 | Low | 2025-04-10 |
| CVE-2025-26330 | Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 7.0 | High | 2025-04-10 |
| CVE-2025-27188 | Adobe Commerce \| Incorrect Authorization (CWE-863) — Adobe Commerce | 4.3 | Medium | 2025-04-08 |
| CVE-2025-31331 | Authorization Bypass vulnerability in SAP NetWeaver — SAP NetWeaver | 4.3 | Medium | 2025-04-08 |
| CVE-2025-31481 | GraphQL query operations security can be bypassed — core | 7.5 | High | 2025-04-03 |
| CVE-2025-27427 | Apache ActiveMQ Artemis: Address routing-type can be updated by user without the createAddress permission — Apache ActiveMQ Artemis | 6.5 | - | 2025-04-01 |
| CVE-2025-31673 | Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002 — Drupal core | 6.5 | - | 2025-03-31 |

Vulnerabilities classified as CWE-863 (Incorrect Authorization) represent 1255 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.