
CWE-863 (Incorrect Authorization) — Vulnerability Class 1241

1241 vulnerabilities classified as CWE-863 (Incorrect Authorization). AI-generated Chinese-language analysis included.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-33326 | @keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany | keystone | 4.3 | Medium | 2026-03-24 |
| CVE-2026-33527 | Parse Server: Session update endpoint allows overwriting server-generated session fields | parse-server | 4.3 | - | 2026-03-24 |
| CVE-2026-33421 | Parse Server: LiveQuery bypasses CLP pointer permission enforcement | parse-server | 6.5 | - | 2026-03-24 |
| CVE-2026-33676 | Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read | vikunja | 6.5 | Medium | 2026-03-24 |
| CVE-2026-28755 | NGINX ngx_stream_ssl_module vulnerability | NGINX Open Source | 5.4 | Medium | 2026-03-24 |
| CVE-2026-32642 | Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission | Apache Artemis | 6.5 | - | 2026-03-24 |
| CVE-2026-4639 | Galaxy Software Services \| Vitals ESP - Incorrect Authorization | Vitals ESP | 8.8 | High | 2026-03-24 |
| CVE-2026-27646 | OpenClaw < 2026.3.7 - Sandbox Escape via /acp spawn Command | OpenClaw | 6.1 | Medium | 2026-03-23 |
| CVE-2026-27183 | OpenClaw < 2026.3.7 - Shell Approval Gating Bypass via Dispatch Wrapper Depth Mismatch | OpenClaw | 5.3 | Medium | 2026-03-23 |
| CVE-2026-33650 | AVideo's Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion | AVideo | 7.6 | High | 2026-03-23 |
| CVE-2026-32899 | OpenClaw < 2026.2.25 - Sender Policy Bypass in Slack Reaction and Pin Event Handlers | OpenClaw | 4.3 | Medium | 2026-03-21 |
| CVE-2026-32895 | OpenClaw < 2026.2.26 - Sender Authorization Bypass in Slack System Event Handlers | OpenClaw | 5.4 | Medium | 2026-03-21 |
| CVE-2026-32067 | OpenClaw < 2026.2.26 - Cross-Account Authorization Bypass in DM Pairing Store | OpenClaw | 3.7 | Low | 2026-03-21 |
| CVE-2026-32058 | OpenClaw < 2026.2.26 - Approval Context-Binding Weakness in system.run via host=node | OpenClaw | 2.6 | Low | 2026-03-21 |
| CVE-2026-32050 | OpenClaw < 2026.2.25 - Unauthorized Reaction Status Event Enqueue via Access Check Bypass | OpenClaw | 3.7 | Low | 2026-03-21 |
| CVE-2026-32051 | OpenClaw < 2026.3.1 - Authorization Bypass in Agent Runs via Owner-Only Tool Access | OpenClaw | 8.8 | High | 2026-03-21 |
| CVE-2026-32042 | OpenClaw < 2026.2.25 - Privilege Escalation via Unpaired Device Identity in Shared Gateway Authentication | OpenClaw | 8.8 | High | 2026-03-21 |
| CVE-2026-33428 | Discourse Allows Unauthorized Access to Deleted Posts Index via Group Membership | discourse | 5.4 | - | 2026-03-20 |
| CVE-2026-33424 | PM access granted through invites after access revocation | discourse | 5.9 | Medium | 2026-03-20 |
| CVE-2026-33291 | Discourse user can create Zendesk tickets even when it does not have access to topic | discourse | 4.3 | - | 2026-03-20 |
| CVE-2026-33251 | Discourse has a Hidden Solved topics permission bypass | discourse | 5.4 | Medium | 2026-03-20 |
| CVE-2026-33312 | Read-only Vikunja users can delete project background images via broken object-level authorization | vikunja | 4.3 | - | 2026-03-20 |
| CVE-2026-33132 | ZITADEL is missing enforcement of organization scopes | zitadel | 5.3 | Medium | 2026-03-20 |
| CVE-2026-31805 | Discourse has a poll authorization bypass via post_id array parameter | discourse | 5.3 | Medium | 2026-03-20 |
| CVE-2026-32758 | File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter | filebrowser | 6.5 | Medium | 2026-03-19 |
| CVE-2026-32035 | OpenClaw < 2026.3.2 - Missing Owner Flag Validation in Discord Voice Transcript Handler | OpenClaw | 5.9 | Medium | 2026-03-19 |
| CVE-2026-32028 | OpenClaw < 2026.2.25 - Missing Authorization Check in Discord DM Reaction Ingress | OpenClaw | 5.3 | Medium | 2026-03-19 |
| CVE-2026-32027 | OpenClaw < 2026.2.26 - Improper Authorization via DM Pairing Store Identity Inheritance in Group Allowlist | OpenClaw | 6.5 | Medium | 2026-03-19 |
| CVE-2026-32023 | OpenClaw < 2026.2.24 - Approval Gating Bypass via Dispatch-Wrapper Depth-Cap Mismatch in system.run | OpenClaw | 7.1 | High | 2026-03-19 |
| CVE-2026-32021 | OpenClaw < 2026.2.22 - Authorization Bypass via Display Name Collision in Feishu allowFrom | OpenClaw | 6.5 | Medium | 2026-03-19 |

Vulnerabilities classified as CWE-863 (Incorrect Authorization) account for 1241 CVEs. The CWE entry describes only the weakness class; review the individual CVEs for product-specific impact.