
CWE-863 (Incorrect Authorization) — Vulnerability Class 1244

1244 vulnerabilities classified as CWE-863 (Incorrect Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-32061 | Discourse Topic Creation Page Allows iFrame Tag without Restrictions — discourse | 5.4 | Medium | 2023-06-13 |
| CVE-2020-36710 | WPS Hide Login <= 1.5.4.2 - Hidden Login Page Location Disclosure — WPS Hide Login | 5.3 | Medium | 2023-06-07 |
| CVE-2023-32683 | URL deny list bypass via oEmbed and image URLs when generating previews in Synapse — synapse | 3.5 | Low | 2023-06-06 |
| CVE-2023-1779 | Helmholz and MB Connect Line: Account takeover via password reset in multiple products — mbCONNECT24 | 4.3 | Medium | 2023-06-06 |
| CVE-2023-3066 | Mobatime mobile application - Broken authorisation — Mobatime mobile application AMXGT100 | 8.1 | High | 2023-06-05 |
| CVE-2023-3033 | Mobatime web application - broken authorisation mechanisms — Mobatime web application | 6.8 | Medium | 2023-06-02 |
| CVE-2023-28698 | WADE DIGITAL DESIGN CO, LTD. FANTSY - Broken Access Control — FANTSY | 9.8 | Critical | 2023-06-02 |
| CVE-2022-46308 | SGUDA U-Lock - Broken Access Control — U-Lock | 8.8 | High | 2023-06-02 |
| CVE-2022-46307 | SGUDA U-Lock - Broken Access Control — U-Lock | 8.8 | High | 2023-06-02 |
| CVE-2023-34218 | JetBrains TeamCity security vulnerability — TeamCity | 9.1 | Critical | 2023-05-31 |
| CVE-2023-1158 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization — Pentaho Business Analytics Server | 4.3 | Medium | 2023-05-24 |
| CVE-2023-2515 | Privilege escalation to system admin via personal access tokens — Mattermost | 4.7 | Medium | 2023-05-12 |
| CVE-2023-32069 | XWiki Platform privilege escalation (PR)/RCE from account through class sheet — xwiki-platform | 10.0 | Critical | 2023-05-09 |
| CVE-2023-31141 | OpenSearch issue with fine-grained access control during extremely rare race conditions — security | 4.8 | Medium | 2023-05-08 |
| CVE-2023-30840 | On a compromised node, the fluid-csi service account can be used to modify node specs — fluid | 5.8 | Medium | 2023-05-08 |
| CVE-2023-1979 | Auth bypass in Web Stories for WordPress plugin — Web Stories for WordPress | 4.9 | Medium | 2023-05-08 |
| CVE-2023-29240 | BIG-IQ iControl REST Vulnerability — BIG-IQ | 5.4 | Medium | 2023-05-03 |
| CVE-2023-25548 | Schneider Electric StruxureWare Data Center Expert security vulnerability — StruxureWare Data Center Expert | 8.8 | High | 2023-04-18 |
| CVE-2023-25547 | Schneider Electric StruxureWare Data Center Expert security vulnerability — StruxureWare Data Center Expert | 8.8 | High | 2023-04-18 |
| CVE-2023-27525 | Apache Superset: Incorrect default permissions for Gamma role — Apache Superset | 3.1 | Low | 2023-04-17 |
| CVE-2023-30771 | Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench — Apache IoTDB Workbench | 9.8 | - | 2023-04-17 |
| CVE-2022-40682 | Fortinet FortiClient security vulnerability — FortiClientWindows | 7.1 | High | 2023-04-11 |
| CVE-2022-43770 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization — Pentaho Business Analytics Server | 5.4 | Medium | 2023-04-11 |
| CVE-2022-43940 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization — Pentaho Business Analytics Server | 8.8 | High | 2023-04-03 |
| CVE-2022-27642 | NETGEAR R6700v3 information disclosure vulnerability — R6700v3 | 8.8 | - | 2023-03-29 |
| CVE-2023-22251 | Adobe Commerce Incorrect Authorization Security feature bypass — Magento Commerce | 4.3 | Medium | 2023-03-27 |
| CVE-2023-25017 | Rifartek IOT Wall - Broken Access Control — IOT Wall | 8.1 | High | 2023-03-27 |
| CVE-2023-25923 | IBM Security Key Lifecycle Manager denial of service — Security Key Lifecycle Manager | 2.7 | Low | 2023-03-21 |
| CVE-2023-25924 | IBM Security Key Lifecycle Manager improper authorization — Security Key Lifecycle Manager | 5.4 | Medium | 2023-03-21 |
| CVE-2023-26484 | On a compromised KubeVirt node, the virt-handler service account can be used to modify all node specs — kubevirt | 8.2 | High | 2023-03-15 |

Vulnerabilities classified as CWE-863 (Incorrect Authorization) represent 1244 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.