CWE-863 (Incorrect Authorization) — Vulnerability Class (1241 CVEs)

1241 vulnerabilities are classified as CWE-863 (Incorrect Authorization). Each entry includes an AI-generated analysis in Chinese.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-5383 | runZero Explorer missing authorization check | Explorer | 4.4 | Medium | 2026-04-07 |
| CVE-2026-5382 | runZero Platform MCP endpoint information leak | Platform | 3.0 | Low | 2026-04-07 |
| CVE-2026-5381 | runZero Platform task information leak | Platform | 2.2 | Low | 2026-04-07 |
| CVE-2026-5380 | runZero Platform cleartext secret exposure | Platform | 5.3 | Medium | 2026-04-07 |
| CVE-2026-5379 | runZero Platform MCP certification information leak | Platform | 3.0 | Low | 2026-04-07 |
| CVE-2026-5378 | runZero Platform user creation leak | Platform | 5.8 | Medium | 2026-04-07 |
| CVE-2026-5374 | runZero Platform MCP information leak | Platform | 5.8 | Medium | 2026-04-07 |
| CVE-2026-28808 | ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch) | OTP | 9.8 (AI) | Critical (AI) | 2026-04-07 |
| CVE-2026-35412 | Directus has a TUS Upload Authorization Bypass Allows Arbitrary File Overwrite | directus | 7.1 | High | 2026-04-06 |
| CVE-2026-34972 | OpenFGA's BatchCheck within-request deduplication produces incorrect authorization decisions via list-value cache-key collision | openfga | 5.0 | Medium | 2026-04-06 |
| CVE-2026-35029 | LiteLLM affected by privilege escalation via unrestricted proxy configuration endpoint | litellm | 8.8 (AI) | High (AI) | 2026-04-06 |
| CVE-2026-34953 | PraisonAI: Authentication Bypass in OAuthManager.validate_token() | PraisonAI | 9.1 | Critical | 2026-04-03 |
| CVE-2026-27447 | OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup | cups | 4.8 | Medium | 2026-04-03 |
| CVE-2025-68153 | Juju: Resource poisoning | juju | 6.5 (AI) | Medium (AI) | 2026-04-03 |
| CVE-2025-68152 | Juju: Read All Controller Logs From Compromised Workload | juju | 6.5 (AI) | Medium (AI) | 2026-04-03 |
| CVE-2026-34376 | PdfDing: Password-protected share bypass via direct serve endpoint | PdfDing | 7.5 | High | 2026-04-01 |
| CVE-2025-71278 | XenForo OAuth2 Unauthorized Scope Request | XenForo | 8.8 | High | 2026-04-01 |
| CVE-2026-34453 | SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors to read password-protected bookmarked content | siyuan | 7.5 | High | 2026-03-31 |
| CVE-2026-34586 | PdfDing: Shared PDF Expiration, Max Views, and Deletion Bypass via Serve/Download Endpoints | PdfDing | 6.5 | Medium | 2026-03-31 |
| CVE-2026-32726 | SciTokens C++: Sibling-Path Authorization Bypass | scitokens-cpp | 8.1 | High | 2026-03-31 |
| CVE-2026-34532 | Parse Server: Cloud function validator bypass via prototype chain traversal | parse-server | 9.1 (AI) | Critical (AI) | 2026-03-31 |
| CVE-2026-33579 | OpenClaw < 2026.3.28 - Privilege Escalation via Missing Caller Scope Validation in Device Pair Approval | OpenClaw | 9.9 | Critical | 2026-03-31 |
| CVE-2026-33578 | OpenClaw < 2026.3.28 - Sender Policy Allowlist Bypass via Policy Downgrade in Google Chat and Zalouser Extensions | OpenClaw | 4.3 | Medium | 2026-03-31 |
| CVE-2026-33576 | OpenClaw < 2026.3.28 - Unauthorized Media Download via Zalo Channel | OpenClaw | 6.5 | Medium | 2026-03-31 |
| CVE-2026-33577 | OpenClaw < 2026.3.28 - Insufficient Scope Validation in node.pair.approve | OpenClaw | 8.1 | High | 2026-03-31 |
| CVE-2026-34506 | OpenClaw < 2026.3.8 - Sender Allowlist Bypass in Microsoft Teams Plugin via Route Allowlist Configuration | OpenClaw | 4.3 | Medium | 2026-03-31 |
| CVE-2026-0562 | Insecure Direct Object Reference (IDOR) in parisneo/lollms | parisneo/lollms | 6.5 | - | 2026-03-29 |
| CVE-2026-32978 | OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners | OpenClaw | 8.0 | High | 2026-03-29 |
| CVE-2026-32972 | OpenClaw < 2026.3.11 - Authorization Bypass in Browser Profile Management via browser.request | OpenClaw | 7.1 | High | 2026-03-29 |
| CVE-2026-32924 | OpenClaw < 2026.3.12 - Authorization Bypass via Misclassified Reaction Events in Feishu | OpenClaw | 9.8 | Critical | 2026-03-29 |

Scores and severities marked (AI) are the ones the listing flags as AI-estimated rather than vendor- or NVD-assigned; "-" means no severity was recorded for that entry.

CWE-863 (Incorrect Authorization) covers 1241 CVEs in this listing: cases where the product performs an authorization check but gets it wrong, so a principal reaches resources or actions the policy never granted. The CWE entry describes only the weakness class; review each CVE for the product-specific mechanism and impact.
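To make the weakness class concrete, here is an added example (not code from this listing or from any product named in it) of one common CWE-863 shape: a path-scoped authorization check that compares strings instead of path segments. The grant list, paths, and function names are hypothetical. The naive check passes two requests the policy never authorized, a sibling path and an unnormalized `..` traversal, while the segment-aware check rejects both.

```python
"""Illustrative CWE-863 (Incorrect Authorization) pattern.

Hypothetical example: a holder of a grant on /home/alice may read anything
under that directory and nothing else. Grants, paths and function names are
constructed for this demonstration and do not reproduce any listed product.
"""
import posixpath


def authorized_naive(granted_prefixes, requested_path):
    """Vulnerable check: plain string prefix comparison.

    '/home/alice' also matches '/home/alice2/...' (a sibling directory) and
    '/home/alice/../bob/...' (traversal that is never resolved), so the
    check says yes to paths outside the granted subtree.
    """
    return any(requested_path.startswith(p) for p in granted_prefixes)


def _segments(path):
    """Normalise a POSIX path and split it into segments.

    '/a/b/', '/a//b' and '/a/./b' all become ['a', 'b'], and '..' is
    resolved before comparison so it cannot escape the granted subtree.
    """
    norm = posixpath.normpath("/" + path.lstrip("/"))
    return [s for s in norm.split("/") if s]


def authorized(granted_prefixes, requested_path):
    """Hardened check: compare whole path segments after normalisation.

    A grant on /home/alice covers /home/alice itself and everything beneath
    it, but not /home/alice2. A grant on '/' (no segments) covers everything,
    which is the intended meaning of a root grant.
    """
    req = _segments(requested_path)
    for prefix in granted_prefixes:
        grant = _segments(prefix)
        if req[: len(grant)] == grant:
            return True
    return False


def demo():
    """Run both checks over constructed requests.

    Returns {path: (naive_decision, hardened_decision)} so the divergence is
    visible: the two entries where the pair is (True, False) are the
    incorrect-authorization cases.
    """
    grants = ["/home/alice"]
    requests = [
        "/home/alice/notes.txt",      # inside the grant: both checks allow
        "/home/alice2/secret.txt",    # sibling path: naive check wrongly allows
        "/home/alice/../bob/keys",    # traversal: naive check wrongly allows
        "/home/bob/keys",             # clearly outside: both checks deny
    ]
    return {
        path: (authorized_naive(grants, path), authorized(grants, path))
        for path in requests
    }


if __name__ == "__main__":
    for path, (naive, hardened) in demo().items():
        flag = "  <-- CWE-863" if naive and not hardened else ""
        print(f"{path:28s} naive={naive!s:5s} hardened={hardened!s:5s}{flag}")
```

The same segment-wise comparison applies to URL route allowlists and token scopes expressed as path prefixes; the extra step a real deployment needs is to percent-decode the request path exactly once before normalising it, so that an encoded `%2e%2e` is caught by the same `..` resolution.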