CWE-863 (Incorrect Authorization) — Vulnerability Class 1255

1255 vulnerabilities classified as CWE-863 (Incorrect Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-3745 | MSI Afterburner v4.6.6.16381 Beta 3 - ACL Bypass — MSI Afterburner | 7.8 | High | 2024-05-18 |
| CVE-2024-34434 | WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.2 - Arbitrary Shortcode Execution vulnerability — WordPress Meta Data and Taxonomies Filter (MDTF) | 6.5 | Medium | 2024-05-17 |
| CVE-2024-35187 | Stalwart Mail Server has privilege escalation by design — mail-server | 9.1 | Critical | 2024-05-16 |
| CVE-2024-31409 | CyberPower PowerPanel business Incorrect Authorization — PowerPanel business | 6.5 | Medium | 2024-05-15 |
| CVE-2024-34701 | CreateWiki vulnerable to impersonation of wiki requester — CreateWiki | 5.9 | Medium | 2024-05-13 |
| CVE-2024-31441 | Arbitrary File Reading in DataEase — dataease | 7.5 | High | 2024-05-10 |
| CVE-2024-3722 | Swift Performance Lite <= 2.3.6.18 - Incorrect Authorization to Authenticated (Subscriber+) Settings Modification — Swift Performance Lite | 5.4 | Medium | 2024-05-09 |
| CVE-2024-34346 | Deno contains a permission escalation via open of privileged files with missing `--deny` flag — deno | 8.5 | High | 2024-05-07 |
| CVE-2024-28148 | Apache Superset: Incorrect datasource authorization on explore REST API — Apache Superset | 4.3 | Medium | 2024-05-07 |
| CVE-2023-42124 | Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability — Premium Security | 7.8 | - | 2024-05-03 |
| CVE-2024-2378 | Hitachi Energy SDM600 security vulnerability — SDM600 | 8.0 | High | 2024-04-30 |
| CVE-2023-50363 | QTS, QuTS hero — QTS | 7.4 | High | 2024-04-26 |
| CVE-2024-4006 | Incorrect Authorization in GitLab — GitLab | 4.3 | Medium | 2024-04-25 |
| CVE-2024-32470 | Tolgee' API keys created by server admin users bypass the permission check — tolgee-platform | 6.5 | Medium | 2024-04-18 |
| CVE-2023-25043 | WordPress Data Tables Generator by Supsystic Plugin <= 1.10.25 is vulnerable to Broken Access Control — Data Tables Generator | 4.3 | Medium | 2024-04-17 |
| CVE-2024-31452 | OpenFGA Authorization Bypass — openfga | 8.1 | High | 2024-04-16 |
| CVE-2024-1738 | Incorrect Authorization in lunary-ai/lunary — lunary-ai/lunary | 5.9 | - | 2024-04-16 |
| CVE-2024-31990 | Argo CD' API server does not enforce project sourceNamespaces — argo-cd | 4.8 | Medium | 2024-04-15 |
| CVE-2024-27309 | Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode — Apache Kafka | 4.4 | - | 2024-04-12 |
| CVE-2024-1740 | Incorrect Authorization in lunary-ai/lunary — lunary-ai/lunary | 7.1 AI | High AI | 2024-04-10 |
| CVE-2024-1741 | Improper Authorization in lunary-ai/lunary — lunary-ai/lunary | 8.8 AI | High AI | 2024-04-10 |
| CVE-2024-29834 | Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints — Apache Pulsar | 6.4 | Medium | 2024-04-02 |
| CVE-2024-31134 | JetBrains TeamCity security vulnerability — TeamCity | 6.5 | Medium | 2024-03-28 |
| CVE-2024-29892 | ZITADEL's actions can overload reserved claims — zitadel | 6.1 | Medium | 2024-03-27 |
| CVE-2024-23451 | Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model — Elasticsearch | 4.4 | Medium | 2024-03-27 |
| CVE-2023-6400 | Incorrect user authorization vulnerability on OpenText ZENworks Configuration Management (ZCM) product. — ZENworks Configuration Management (ZCM) | 7.4 | High | 2024-03-27 |
| CVE-2024-27105 | Frappe File Permissions can by bypassed using certain endpoints — frappe | 8.1 | High | 2024-03-20 |
| CVE-2024-22412 | ClickHouse's Role-based Access Control is bypassed when query caching is enabled. — ClickHouse | 2.4 | Low | 2024-03-18 |
| CVE-2024-1479 | WP Show Posts <= 1.1.4 - Information Exposure — WP Show Posts | 5.3 | Medium | 2024-03-13 |
| CVE-2024-1452 | GenerateBlocks <= 1.8.2 - Sensitive Information Exposure — GenerateBlocks | 4.3 | Medium | 2024-03-13 |

Vulnerabilities classified as CWE-863 (Incorrect Authorization) represent 1255 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.