CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

914 vulnerabilities with CWE-266
CVE-2025-49401 CRITICAL
Quiz And Survey Master <10.2.5 - Code Injection
CVSS 9.8
CVE-2025-10013 MEDIUM
Portabilis i-educar < 2.10.0 - Incorrect Privilege Assignment in /exportacao-para-o-seb Endpoint
CVSS 6.3
CVE-2025-58841 MEDIUM
John Luetke Media Author <1.0.4 - Privilege Escalation
CVSS 5.5
CVE-2025-22415 MEDIUM
Android - Local Privilege Escalation via android_app Android.bp
CVSS 4.0
CVE-2025-48528 MEDIUM
Multiple Locations - Privilege Escalation
CVSS 4.0
CVE-2025-48526 MEDIUM
Android - Local Privilege Escalation via ChooserActivity Input Validation
CVSS 4.0
CVE-2025-26425 MEDIUM
Android - Local Privilege Escalation via RoleService Permission Logic Error
CVSS 4.0
CVE-2025-9937 MEDIUM
elunez eladmin <1.1 - Privilege Escalation
CVSS 5.4
CVE-2025-9936 MEDIUM
fuyang_lipengjun platform 1.0.0 - Improper Authorization in AdController
CVSS 4.3
CVE-2025-9760 MEDIUM
Portabilis i-educar < 2.10.0 - Incorrect Privilege Assignment in Matricula API
CVSS 6.3
CVE-2025-9687 MEDIUM
Portabilis i-Educar <2.10 - Privilege Escalation
CVSS 6.3
CVE-2025-9609 MEDIUM
Portabilis i-Educar <2.10 - Info Disclosure
CVSS 6.3
CVE-2025-58323 HIGH
NAVER MYBOX Explorer <3.0.8.133 - Privilege Escalation
CVSS 7.7
CVE-2025-9602 MEDIUM
RockOA < 2.6.9 - Improper Authorization via publicsaveAjax Function
CVSS 6.3
CVE-2025-49388 CRITICAL
Miraculous Core Plugin <2.0.7 - Privilege Escalation
CVSS 9.8
CVE-2025-48348 MEDIUM
chandrashekharsahu Site Offline - Privilege Escalation
CVSS 4.3
CVE-2025-58322 HIGH
NAVER MYBOX Explorer <3.0.8.133 - Privilege Escalation
CVSS 7.8
CVE-2025-57797 HIGH
ScanSnap Manager <V6.5L61 - Privilege Escalation
CVSS 7.8
CVE-2025-50691 MEDIUM
MCSManager 10.5.3 - Privilege Escalation
CVSS 5.3
CVE-2025-54735 HIGH
CubeWP Framework <1.1.24 - Privilege Escalation
CVSS 8.8
CVE-2025-54049 CRITICAL
miniOrange Custom API for WP - Privilege Escalation
CVSS 9.9
CVE-2025-53580 CRITICAL
Simple Business Directory Pro - Privilege Escalation
CVSS 9.8
CVE-2025-49422 CRITICAL
Aelora iframe Wrapper <0.1.1 - XSS
CVSS 9.8
CVE-2025-48165 HIGH
DELUCKS SEO <= 2.6.0 - Privilege Escalation via Incorrect Privilege Assignment
CVSS 8.8
CVE-2025-48164 HIGH
Brainstorm Force SureDash <1.0.3 - Privilege Escalation
CVSS 8.8