Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-266

CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

914 vulnerabilities with CWE-266

CVE-2025-13787 MEDIUM

zentao < 21.7.7 - Improper Privilege Management via File Handler

CVE-2025-45311 HIGH

fail2ban-client v0.11.2 - Privilege Escalation

CVE-2025-64761 HIGH

OpenBao < 2.4.4 - Privilege Escalation via Identity Group Subsystem

CVE-2025-13576 MEDIUM

code-projects Blog Site 1.0 - Incorrect Privilege Assignment in /admin.php

CVE-2025-0504 MEDIUM

Black Duck SCA <2025.10.0 - Privilege Escalation

CVE-2025-41115 CRITICAL

Grafana 12.0.0-12.2.0 - Privilege Escalation via SCIM User Provisioning

CVE-2025-13443 MEDIUM

macrozheng mall < 1.0.3 - Incorrect Privilege Assignment via /member/readHistory/delete ids Parameter

CVE-2025-65094 HIGH

WBCE CMS < 1.6.4 - Privilege Escalation via groups[] Parameter Manipulation

CVE-2025-13250 MEDIUM

datax-web < 2.1.2 - Unauthenticated Improper Access Control in Job Handler

CVE-2025-13131 HIGH

Sonarr 4.0.15.2940 - Local Privilege Escalation

CVE-2025-13130 HIGH

Radarr 5.28.0.10274 - Privilege Escalation

CVE-2025-13118 MEDIUM

macrozheng mall and mall-swarm < 1.0.3 - Improper Authorization via OrderID Parameter

CVE-2025-13117 MEDIUM

macrozheng mall and mall-swarm < 1.0.3 - Improper Authorization via Order Cancellation

CVE-2025-13116 MEDIUM

macrozheng mall and mall-swarm < 1.0.3 - Improper Authorization via Order Cancellation

CVE-2025-13115 MEDIUM

macrozheng mall and mall-swarm < 1.0.3 - Improper Authorization in Order Details Handler

CVE-2025-13114 MEDIUM

macrozheng mall-swarm < 1.0.3 - Improper Authorization in Cart Update Attribute Function

CVE-2025-2843 HIGH

Observability Operator < 1.3.0 - Privilege Escalation via MonitorStack ServiceAccount

CVE-2025-63384 MEDIUM

RISC-V Rocket-Chip <1.6 - Privilege Escalation

CVE-2025-56503 MEDIUM

Sublime Text 4 4200 - Privilege Escalation

CVE-2025-6325 CRITICAL

King Addons for Elementor <51.1.36 - Privilege Escalation

CVE-2025-62034 HIGH

uxper Togo <1.0.4 - Privilege Escalation

CVE-2025-60243 CRITICAL

Holest Engineering Selling Commander - Privilege Escalation

CVE-2025-60195 CRITICAL

Atarim <= 4.2.1 - Incorrect Privilege Assignment

CVE-2025-49900 HIGH

bPlugins Advanced scrollbar <1.1.9 - Privilege Escalation

CVE-2025-12103 MEDIUM

Red Hat Openshift AI Service - Privilege Escalation

Previous Page 13 of 37 Next

Details

Vulnerabilities 914

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy