Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-266

CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

914 vulnerabilities with CWE-266

CVE-2025-48142 HIGH

Bookify <1.0.9 - Privilege Escalation

CVE-2025-9151 MEDIUM

LiuYuYang01 ThriveX-Blog <3.1.7 - Auth Bypass

CVE-2025-5417 MEDIUM

Red Hat Developer Hub rhdh/rhdh-hub-rhel9 - Info Disclosure

CVE-2025-38738 MEDIUM

Dell SupportAssist for Home PCs < 4.8.2.38851 - Privilege Escalation via Installer

CVE-2025-36613 LOW

Dell SupportAssist for Home PCs < 4.8.2.38851 and Business PCs < 4.9.0 - Incorrect Privilege Assignment

CVE-2025-36612 MEDIUM

Dell SupportAssist for Business PCs < 4.9.0 - Privilege Escalation

CVE-2025-54697 HIGH

Kadence WP Kadence WooCommerce Email Designer <1.5.16 - Privilege E...

CVE-2025-53744 HIGH

FortiOS Security Fabric <7.6.3 - Privilege Escalation

CVE-2025-42936 MEDIUM

SAP NetWeaver Application Server for ABAP - Authenticated Privilege Escalation via Barcode Interface

CVE-2025-8840 MEDIUM

jshERP <= 3.5 - Improper Authorization via /jshERP-boot/user/deleteBatch Endpoint

CVE-2025-8839 MEDIUM

jshERP <= 3.5 - Improper Authorization via User Addition Endpoint

CVE-2025-8797 MEDIUM

LitmusChaos Litmus <3.19.0 - Privilege Escalation

CVE-2025-8795 MEDIUM

LitmusChaos Litmus < 3.19.0 - Improper Access Control via ProjectID Parameter

CVE-2025-8791 MEDIUM

LitmusChaos Litmus < 3.19.0 - Improper Authorization via /auth/list_projects Role Argument

CVE-2025-8790 MEDIUM

Portabilis i-Educar < 2.9.0 - Improper Authorization via Pessoa API Endpoint

CVE-2025-8758 HIGH

TRENDnet TEW-822DRE FW103B02 - Privilege Escalation

CVE-2025-8757 HIGH

TRENDnet TV-IP110WN 1.2.2 - Privilege Escalation

CVE-2025-8756 MEDIUM

tduck-platform < 5.1 - Improper Authorization in AuthorizationInterceptor preHandle

CVE-2025-8547 MEDIUM

pybbs < 6.0.0 - Improper Authorization in Email Verification Handler

CVE-2025-5999 HIGH

HashiCorp Vault 0.10.4-1.19.5 Privilege Escalation via Root Namespace Identity Endpoint

CVE-2025-43260 MEDIUM

macOS <15.6-14.7.7 - Privilege Escalation

CVE-2025-2179 MEDIUM

Palo Alto Networks GlobalProtect App - Privilege Escalation

CVE-2025-8261 HIGH

Vaelsys VaelsysV4 4.1.0 - Unauthenticated User Creation via vgrid_server.php

CVE-2025-8181 HIGH

TOTOLINK N600R/X2000R 1.0.0.1 - Privilege Escalation

CVE-2025-31513 MEDIUM

AlertEnterprise Guardian <4.1.14.2.2.1 - Privilege Escalation

Previous Page 18 of 37 Next

Details

Vulnerabilities 914

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy