Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-266

CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

914 vulnerabilities with CWE-266

CVE-2025-69292 HIGH

WP Membership <1.6.5 - Privilege Escalation

CVE-2025-69183 HIGH

Hospital Doctor Directory <1.3.9 - Privilege Escalation

CVE-2025-69182 HIGH

e-plugins Institutions Directory <= 1.3.4 - Privilege Escalation

CVE-2025-68869 CRITICAL

LazyTasks <1.4.01 - Privilege Escalation

CVE-2025-68027 HIGH

Themefic Hydra Booking <1.1.32 - Privilege Escalation

CVE-2025-67966 HIGH

Lawyer Directory <1.3.4 - Privilege Escalation

CVE-2025-67953 HIGH

Booking Activities <1.16.44 - Privilege Escalation

CVE-2025-50007 HIGH

Jthemes xSmart <= 1.2.9.4 - Privilege Escalation

CVE-2025-67279 MEDIUM

TIM BPM Suite & TIM FLOW < 9.1.2 - Privilege Escalation via MD5 Password Hash Storage

CVE-2025-67278 MEDIUM

TIM BPM Suite & TIM FLOW < 9.1.2 - Privilege Escalation via Crafted HTTP Request

CVE-2025-31643 HIGH

WPCHURCH <2.7.0 - Privilege Escalation

CVE-2025-29004 HIGH

AA-Team Premium Age Verification/Restriction <3.0.2 - Privilege Esc...

CVE-2025-15213 MEDIUM

Student File Management System 1.0 - Improper Authorization via File Download Handler

CVE-2025-15126 LOW

JeecgBoot < 3.9.0 - Improper Authorization via PositionId Argument in getPositionUserList

CVE-2025-15125 LOW

JeecgBoot < 3.9.0 - Improper Authorization via departId Parameter in queryDepartPermission

CVE-2025-15124 LOW

JeecgBoot < 3.9.0 - Improper Authorization via departId Parameter in sysDepartPermission

CVE-2025-15123 LOW

JeecgBoot < 3.9.0 - Improper Authorization via /sys/sysDepartPermission/datarule/

CVE-2025-15122 LOW

JeecgBoot < 3.9.0 - Improper Authorization via DepartId/RoleId Manipulation

CVE-2025-15120 LOW

JeecgBoot < 3.9.0 - Improper Authorization via getDeptRoleList departId Parameter

CVE-2025-15119 LOW

JeecgBoot < 3.9.0 - Improper Authorization in sys/sysDepartRole/list deptId Parameter

CVE-2025-15118 MEDIUM

macrozheng mall < 1.0.3 - Improper Authorization in Member Address Update Endpoint

CVE-2025-15106 MEDIUM

maxun < 0.0.28 - Improper Authorization via Authentication Endpoint

CVE-2025-15087 MEDIUM

youlai-mall 1.0.0/2.0.0 - Improper Authorization via OrderController submitOrderPayment

CVE-2025-15086 MEDIUM

youlai-mall 1.0.0/2.0.0 - Incorrect Privilege Assignment in MemberController

CVE-2025-15085 MEDIUM

youlai-mall 1.0.0/2.0.0 - Incorrect Privilege Assignment in Balance Handler

Previous Page 11 of 37 Next

Details

Vulnerabilities 914

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy