Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-266

CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

914 vulnerabilities with CWE-266

CVE-2025-15084 LOW

youlai-mall 1.0.0/2.0.0 - Incorrect Privilege Assignment in Order Payment Handler

CVE-2025-14889 MEDIUM

Campcodes Advanced Voting Management System 1.0 - Incorrect Privilege Assignment in Password Handler

CVE-2025-64188 CRITICAL

PenciDesign Soledad <=8.6.9 - Privilege Escalation

CVE-2025-59134 HIGH

Sale! Immigration law - Privilege Escalation

CVE-2025-58710 HIGH

e-plugins Hotel Listing <1.4.0 - Privilege Escalation

CVE-2025-55707 HIGH

WPXPO PostX <4.1.35 - Privilege Escalation

CVE-2025-49379 HIGH

silverplugins217 Custom Fields Account Registration For Woocommerce...

CVE-2025-14749 MEDIUM

Ningyuanda TC155 57.0.2.0 - Unauthenticated Incorrect Privilege Assignment in ONVIF PTZ Control Interface

CVE-2025-14748 MEDIUM

Ningyuanda TC155 57.0.2.0 - Unauthenticated Hard Reset via ONVIF Device Management Service

CVE-2025-14503 HIGH

Harmonix on AWS <0.4.2 - Privilege Escalation

CVE-2025-13888 CRITICAL

Red Hat OpenShift GitOps < 1.16.2 - Authenticated Privilege Escalation via ArgoCD Custom Resource Injection

CVE-2025-14660 MEDIUM

DecoCMS Mesh <1.0.0-alpha.31 - Improper Access Control

CVE-2025-65807 HIGH

sd command <1.0.0 - Privilege Escalation

CVE-2025-14206 MEDIUM

SourceCodester Online Student Clearance System 1.0 - Auth Bypass

CVE-2025-14089 MEDIUM

Himool ERP <2.2 - Privilege Escalation

CVE-2025-14088 MEDIUM

ketr JEPaaS <= 7.2.8 - Improper Authorization via /je/load Authorization Parameter

CVE-2025-14086 MEDIUM

youlai-mall 1.0.0/2.0.0 - Improper Access Control via OpenID Parameter

CVE-2025-14052 MEDIUM

youlai-mall 1.0.0/2.0.0 - Improper Access Control in getMemberById Function

CVE-2025-55948 HIGH

yzcheng90 X-SpringBoot 6.0 - Incorrect Privilege Assignment via Frontend-Backend RBAC Desynchronization

CVE-2025-14016 MEDIUM

macrozheng mall-swarm < 1.0.3 - Improper Authorization via /member/readHistory/delete ids Parameter

CVE-2025-65842 MEDIUM

Aquarius HelperTool 1.0.003 - Privilege Escalation

CVE-2025-66296 HIGH

Grav <1.8.0-beta.27 - Privilege Escalation

CVE-2025-13808 HIGH

orionsec orion-ops - Incorrect Privilege Assignment in User Profile Handler

CVE-2025-13807 MEDIUM

orionsec orion-ops < 2025-08-01 - Incorrect Privilege Assignment in MachineKeyController

CVE-2025-13806 HIGH

nutzam NutzBoot < 2.6.0 - Improper Authorization in Transaction API

Previous Page 12 of 37 Next

Details

Vulnerabilities 914

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy