Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-266

CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

917 vulnerabilities with CWE-266

CVE-2025-8261 HIGH

Vaelsys VaelsysV4 4.1.0 - Unauthenticated User Creation via vgrid_server.php

CVE-2025-8181 HIGH

TOTOLINK N600R/X2000R 1.0.0.1 - Privilege Escalation

CVE-2025-31513 MEDIUM

AlertEnterprise Guardian <4.1.14.2.2.1 - Privilege Escalation

CVE-2025-7947 MEDIUM

jshERP < 3.5 - Improper Authorization via Account Handler ID Parameter

CVE-2025-44655 CRITICAL

TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9 - Privilege Escalation via vsftpd chroot_local_user Misconfiguration

CVE-2025-52836 CRITICAL

Unity Business Technology Pty Ltd The E-Commerce ERP <2.1.1.3 - Pri...

CVE-2025-34112 CRITICAL

Riverbed SteelCentral NetProfiler & NetExpress <10.8.7 - RCE

CVE-2025-7576 HIGH

Teledyne FLIR FB- and FH-Series 1.3.2.16 - Improper Access Controls

CVE-2025-7552 MEDIUM

Dromara Northstar <7.3.5 - Improper Access Controls

CVE-2025-0140 MEDIUM

Palo Alto Networks GlobalProtect App - Privilege Escalation

CVE-2025-0139 MEDIUM

Palo Alto Networks Autonomous Digital Experience Manager - Privileg...

CVE-2025-27028 MEDIUM

Radiflow iSAP Smart Collector <1.20 - Info Disclosure

CVE-2025-47422 HIGH

Advanced Installer <22.6 - Privilege Escalation

CVE-2025-43001 MEDIUM

SAPCAR >= 7.53 < 7.53, >= 7.22EXT < 7.22EXT - Privilege Escalation via Archive Extraction

CVE-2025-42992 MEDIUM

SAPCAR 7.22EXT-7.53 - Privilege Escalation via Malicious SAR Archive

CVE-2025-7076 MEDIUM

BlackVue Dashcam 590X < 2025-06-24 - Unauthenticated Improper Access Control in Configuration Handler

CVE-2025-49867 CRITICAL

RealHomes <= 4.4.0 - Privilege Escalation via Incorrect Privilege Assignment

CVE-2025-23970 CRITICAL

aonetheme Service Finder Booking <6.0 - Privilege Escalation

CVE-2025-27021 HIGH

Infinera G42 R6.1.3 - Privilege Escalation

CVE-2025-45006 CRITICAL

Open-Source RISC-V Processor <f517abb - Memory Corruption

CVE-2025-6765 MEDIUM

Intelbras InControl 2.21.60.9 - Incorrect Privilege Assignment via /v1/operador/ HTTP PUT Request

CVE-2025-52726 HIGH

Pebas CouponXxL Custom Post Types <3.0 - Privilege Escalation

CVE-2025-6736 MEDIUM

juzaweb CMS 3.4.2 - Incorrect Privilege Assignment in Add New Themes Page

CVE-2025-6735 MEDIUM

juzaweb CMS 3.4.2 - Improper Authorization in Import Page

CVE-2025-6702 MEDIUM

linlinjava litemall 1.8.0 - Incorrect Privilege Assignment via wx/comment/post adminComment Parameter

Previous Page 19 of 37 Next

Details

Vulnerabilities 917

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy