CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

914 vulnerabilities with CWE-266
CVE-2025-11080 MEDIUM
zhuimengshaonian wisdom-education <1.0.4 - Auth Bypass
CVSS 4.3
CVE-2025-11050 MEDIUM
Portabilis i-Educar <2.10 - Privilege Escalation
CVSS 6.3
CVE-2025-11049 MEDIUM
Portabilis i-Educar <2.10 - Auth Bypass
CVSS 6.3
CVE-2025-59945 HIGH
sysreptor 2024.74-2025.83 - Authenticated Privilege Escalation via Self-Assigned Project Admin Permission
CVSS 8.1
CVE-2025-11048 MEDIUM
Portabilis i-Educar <2.10 - Info Disclosure
CVSS 6.3
CVE-2025-11047 MEDIUM
Portabilis i-Educar <2.10 - Auth Bypass
CVSS 6.3
CVE-2025-11030 HIGH
Tutorials-Website Employee Management System <611887d8f8375271ce8ab...
CVSS 7.3
CVE-2025-10992 MEDIUM
roncoo-pay <9428382af21cd5568319eae7429b7e1d0332ff40 - Auth Bypass
CVSS 5.3
CVE-2025-10989 MEDIUM
RuoYi < 4.8.1 - Improper Authorization via /system/role/authUser/selectAll userIds Parameter
CVSS 6.3
CVE-2025-10988 MEDIUM
YunaiV ruoyi-vue-pro <2025.09 - Auth Bypass
CVSS 6.3
CVE-2025-10987 MEDIUM
YunaiV yudao-cloud <2025.09 - Auth Bypass
CVSS 6.3
CVE-2025-10981 MEDIUM
JeecgBoot < 3.8.2 - Improper Authorization via /sys/tenant/exportXls
CVSS 4.3
CVE-2025-10980 MEDIUM
JeecgBoot < 3.8.2 - Improper Authorization via /sys/position/exportXls
CVSS 4.3
CVE-2025-10979 MEDIUM
JeecgBoot < 3.8.2 - Improper Authorization via /sys/role/exportXls
CVSS 4.3
CVE-2025-10978 MEDIUM
JeecgBoot < 3.8.2 - Improper Authorization in Filter Handler
CVSS 4.3
CVE-2025-10977 LOW
JeecgBoot < 3.8.2 - Improper Authorization via /sys/tenant/deleteBatch ids Parameter
CVSS 3.1
CVE-2025-10976 LOW
JeecgBoot < 3.8.2 - Improper Authorization via DepartId Parameter
CVSS 3.1
CVE-2025-10941 HIGH
Topaz SERVCore Teller <2.14.1 - Privilege Escalation
CVSS 7.8
CVE-2025-10822 MEDIUM
fuyang_lipengjun platform 1.0 - Improper Authorization in SysSmsLogController
CVSS 4.3
CVE-2025-10821 MEDIUM
fuyang_lipengjun platform 1.0 - Improper Authorization in TopicCategoryController
CVSS 4.3
CVE-2025-10820 MEDIUM
fuyang_lipengjun platform 1.0 - Incorrect Privilege Assignment in TopicController
CVSS 4.3
CVE-2025-10819 MEDIUM
fuyang_lipengjun platform 1.0 - Improper Authorization in UserCouponController
CVSS 4.3
CVE-2025-26517 MEDIUM
StorageGRID < 11.8.0.15 - Authenticated Privilege Escalation
CVSS 5.4
CVE-2025-10707 MEDIUM
JeecgBoot < 3.8.2 - Improper Authorization via /message/sysMessageTemplate/sendMsg
CVSS 6.3
CVE-2025-10676 MEDIUM
fuyang_lipengjun platform 1.0 - Incorrect Privilege Assignment in BrandController
CVSS 4.3