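CWE-276 Incorrect Default Permissions: Vulnerability List (448)

A summary of 448 CVE vulnerabilities in the CWE-276 Incorrect Default Permissions weakness class, with AI-generated analysis in Chinese.

CWE-276 is a permission misconfiguration weakness: during installation, the software incorrectly sets file permissions so that any user can modify the files. Attackers typically exploit this flaw by tampering with critical configuration files or binaries to plant malicious code, which then gives them unauthorized access or elevated privileges when the files are later executed. Developers should avoid overly permissive default permissions, follow the principle of least privilege, and explicitly set strict access controls at deployment time so that only authorized users have read, write, and execute permissions, eliminating the risk at its source.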

MITRE CWE Official Description
CWE: CWE-276 Incorrect Default Permissions
Description: During installation, installed file permissions are set to allow anyone to modify those files.
Common Consequences (1)
Confidentiality, Integrity: Read Application Data, Modify Application Data
Mitigations (2)
Architecture and Design, Operation: The architecture needs to restrict access and modification attributes for files to only those users who actually require those actions.
Architecture and Design: Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
| CVE ID | Title | CVSS | Risk Level | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-0539 | pcvisit service binary security vulnerability — pcvisit Remote Host Modul | 7.8 AI | High AI | 2026-04-22 |
| CVE-2026-6823 | OpenHarness security vulnerability — OpenHarness | 8.2 | High | 2026-04-21 |
| CVE-2026-6819 | OpenHarness security vulnerability — OpenHarness | 8.8 | High | 2026-04-21 |
| CVE-2026-39454 | SKYSEA Client View security vulnerability — SKYSEA Client View | 7.8 AI | High AI | 2026-04-20 |
| CVE-2026-30811 | Pandora FMS security vulnerability — Pandora FMS | 7.5 | - | 2026-04-13 |
| CVE-2026-25203 | SAMSUNG MagicINFO 9 Server security vulnerability — MagicINFO 9 Server | 7.8 | High | 2026-04-10 |
| CVE-2025-58713 | Red Hat Process Automation Manager security vulnerability — Red Hat Process Automation 7 | 6.4 | Medium | 2026-04-08 |
| CVE-2025-57853 | Red Hat Web Terminal security vulnerability — Red Hat Web Terminal | 6.4 | Medium | 2026-04-08 |
| CVE-2025-57854 | Red Hat OpenShift security vulnerability — Red Hat OpenShift Update Service | 6.4 | Medium | 2026-04-08 |
| CVE-2025-57847 | Red Hat Ansible Automation Platform (Red Hat AAP) security vulnerability — Red Hat Ansible Automation Platform 2 | 6.4 | Medium | 2026-04-08 |
| CVE-2025-57851 | Red Hat Multicluster Engine for Kubernetes security vulnerability — Multicluster Engine for Kubernetes | 6.4 | Medium | 2026-04-08 |
| CVE-2025-7024 | Airbus AIRBUS PSS TETRA Connectivity Server security vulnerability — TETRA Connectivity Server (TCS) | 7.3 | High | 2026-04-03 |
| CVE-2026-34450 | Claude SDK for Python security vulnerability — anthropic-sdk-python | 4.4 | - | 2026-03-31 |
| CVE-2025-15615 | Wazuh security vulnerability — wazuh-manager | 6.5 | Medium | 2026-03-27 |
| CVE-2026-32983 | Wazuh security vulnerability — wazuh-manager | 5.8 | Medium | 2026-03-27 |
| CVE-2026-32680 | RATOC RAID Monitoring Manager for Windows security vulnerability — RATOC RAID Monitoring Manager for Windows | 7.8 AI | High AI | 2026-03-26 |
| CVE-2026-24063 | Arturia Software Center security vulnerability — Software Center | 7.8 | - | 2026-03-18 |
| CVE-2016-20029 | ZKTeco ZKBioSecurity security vulnerability — ZKTeco ZKBioSecurity | 6.2 | Medium | 2026-03-15 |
| CVE-2025-57849 | Red Hat Fuse security vulnerability — Red Hat Fuse 7 | 6.4 | Medium | 2026-03-13 |
| CVE-2025-8766 | Red Hat Openshift Data Foundation security vulnerability — Red Hat Openshift Data Foundation 4 | 6.4 | Medium | 2026-03-13 |
| CVE-2026-26131 | Microsoft .NET security vulnerability — .NET 10.0 | 7.8 | High | 2026-03-10 |
| CVE-2026-3315 | ASSA ABLOY Visionline security vulnerability — Visionline | 8.8 AI | High AI | 2026-03-10 |
| CVE-2026-28267 | Digital Arts i-フィルター security vulnerability — i-フィルター 10 (Windows version only) | 8.1 AI | High AI | 2026-03-09 |
| CVE-2026-28717 | Acronis Cyber Protect security vulnerability — Acronis Cyber Protect 17 | 7.8 | - | 2026-03-05 |
| CVE-2026-28727 | Acronis Cyber Protect and Acronis Cyber Protect Cloud Agent security vulnerability — Acronis Cyber Protect 17 | 7.8 | - | 2026-03-05 |
| CVE-2026-26034 | Dell UPS Multi-UPS Management Console security vulnerability — UPS Multi-UPS Management Console (MUMC) | 7.8 | - | 2026-03-05 |
| CVE-2026-21423 | Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 6.7 | Medium | 2026-03-04 |
| CVE-2026-27653 | Soliton multiple products security vulnerability — Soliton SecureBrowser for OneGate | 7.8 | - | 2026-02-27 |
| CVE-2026-23703 | Digital Arts FinalCode Client security vulnerability — FinalCode Ver.5 series | 8.4 AI | High AI | 2026-02-26 |
| CVE-2025-1789 | Genetec Update Service security vulnerability — Genetec Update Service | 7.8 | - | 2026-02-24 |

CWE-276 (Incorrect Default Permissions) is a common weakness category; this platform lists 448 CVE vulnerabilities associated with this weakness class.