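CWE-280 Improper Handling of Insufficient Permissions or Privileges: Vulnerability List (108)

A summary of 108 CVE vulnerabilities in the weakness class CWE-280 Improper Handling of Insufficient Permissions or Privileges, with AI analysis in Chinese.

CWE-280 is a permission-handling flaw: the program does not respond correctly when it lacks sufficient permissions, so it enters unexpected code paths and may end up in an abnormal state. Attackers commonly craft low-privilege requests or tamper with identity credentials to trigger logic errors in the program, gaining unauthorized access or causing service disruption. Developers should implement strict permission checks, ensure that a safe default-deny policy is applied when permissions are insufficient, and log the relevant events for auditing, so that incorrect permission decisions do not become security risks.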

MITRE CWE official description
CWE: CWE-280 Improper Handling of Insufficient Permissions or Privileges
When the product cannot access a resource or functionality because of insufficient permissions, it does not handle the situation properly, or handles it incorrectly. This may cause it to follow unexpected code paths that leave the product in an invalid state.
Common consequences (1)
Other: Other, Alter Execution Logic
Mitigations (2)
Architecture and Design: Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
Implementation: Always check to see if you have successfully accessed a resource or system functionality, and use proper error handling if it is unsuccessful. Do this even when you are operating in a highly privileged mode, because errors or environmental conditions might still cause a failure. For example, environments with highly granular permissions/privilege models, such as Windows or Linux capabilities, can …
| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-6805 | Cryptobox external sharing feature vulnerability — Cryptobox | - | - | 2026-05-07 |
| CVE-2026-20448 | Geniezone permission bypass leading to local privilege escalation vulnerability — MediaTek chipset | 6.7 (AI) | Medium (AI) | 2026-05-04 |
| CVE-2026-27910 | Microsoft Windows Installer security vulnerability — Windows 10 Version 1607 | 7.8 | High | 2026-04-14 |
| CVE-2026-24096 | Checkmk security vulnerability — Checkmk | 8.8 (AI) | High (AI) | 2026-04-01 |
| CVE-2026-2123 | OpenText Operations Agent security vulnerability — Operations Agent | 7.8 | - | 2026-03-31 |
| CVE-2026-3190 | Keycloak security vulnerability — Red Hat build of Keycloak 26.4 | 4.3 | Medium | 2026-03-26 |
| CVE-2026-21736 | Imagination Graphics DDK security vulnerability — Graphics DDK | 7.1 (AI) | High (AI) | 2026-03-09 |
| CVE-2026-1772 | Hitachi Energy RTU500 security vulnerability — RTU500 series CMU firmware | 5.3 (AI) | Medium (AI) | 2026-02-24 |
| CVE-2026-23857 | Dell Update Package Framework security vulnerability — Update Package | 8.2 | High | 2026-02-12 |
| CVE-2025-67848 | Moodle security vulnerability | 8.1 | High | 2026-02-03 |
| CVE-2026-20817 | Microsoft Windows Error Reporting security vulnerability — Windows 10 Version 21H2 | 7.8 | High | 2026-01-13 |
| CVE-2025-64997 | Checkmk security vulnerability — Checkmk | 6.5 (AI) | Medium (AI) | 2025-12-18 |
| CVE-2025-58770 | AMI AptioV security vulnerability — AptioV | 7.8 (AI) | High (AI) | 2025-12-12 |
| CVE-2025-58121 | Checkmk security vulnerability — Checkmk | 8.8 (AI) | High (AI) | 2025-11-18 |
| CVE-2025-58122 | Checkmk security vulnerability — Checkmk | 8.1 (AI) | High (AI) | 2025-11-18 |
| CVE-2025-58410 | Imagination Graphics DDK security vulnerability — Graphics DDK | 7.8 (AI) | High (AI) | 2025-11-17 |
| CVE-2025-62510 | FileRise access control error vulnerability — FileRise | 8.1 | High | 2025-10-20 |
| CVE-2025-62509 | FileRise access control error vulnerability — FileRise | 8.1 | High | 2025-10-20 |
| CVE-2025-62176 | Mastodon security vulnerability — mastodon | 4.3 | Medium | 2025-10-13 |
| CVE-2025-45376 | Dell Repository Manager security vulnerability — Dell Repository Manager (DRM) | 7.5 | High | 2025-09-29 |
| CVE-2025-58457 | Apache ZooKeeper security vulnerability — Apache ZooKeeper | 8.8 (AI) | High (AI) | 2025-09-24 |
| CVE-2025-59040 | Enalean Tuleap Community Edition and Enalean Tuleap Enterprise Edition security vulnerability — tuleap | 4.3 | Medium | 2025-09-18 |
| CVE-2025-50170 | Microsoft Windows Cloud Files Mini Filter Driver security vulnerability — Windows 10 Version 1809 | 7.8 | High | 2025-08-12 |
| CVE-2025-6573 | Imagination Graphics DDK security vulnerability — Graphics DDK | 5.5 | - | 2025-08-08 |
| CVE-2025-8109 | Imagination Graphics DDK security vulnerability — Graphics DDK | 7.1 (AI) | High (AI) | 2025-08-04 |
| CVE-2025-49731 | Microsoft Teams security vulnerability — Microsoft Teams for Android | 3.1 | Low | 2025-07-08 |
| CVE-2025-27025 | Infinera G42 security vulnerability — G42 | 8.8 | High | 2025-07-02 |
| CVE-2025-27024 | Infinera G42 security vulnerability — G42 | 6.5 | Medium | 2025-07-02 |
| CVE-2025-46708 | Imagination GPU Driver security vulnerability — Graphics DDK | 5.5 (AI) | Medium (AI) | 2025-06-27 |
| CVE-2025-22256 | Fortinet FortiPAM security vulnerability — FortiPAM | 6.0 | Medium | 2025-06-10 |

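CWE-280 (Improper Handling of Insufficient Permissions or Privileges) is a common weakness category; this platform lists 108 CVE vulnerabilities associated with it.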