Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-266

CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

917 vulnerabilities with CWE-266

CVE-2025-41255 HIGH

Cyberduck <9.1.6 - Mountain Duck <4.17.5 - Info Disclosure

CVE-2025-23260 MEDIUM

NVIDIA AIStore < 2.3.0 - Incorrect Privilege Assignment via AIS Operator ServiceAccount

CVE-2025-6532 MEDIUM

NOYAFA/Xiami LF9 Pro <20250611 - Info Disclosure

CVE-2025-6531 MEDIUM

SIFUSM/MZZYG BD S1 <20250611 - Info Disclosure

CVE-2025-6527 LOW

70mai M300 <20250611 - Improper Access Controls

CVE-2025-6525 MEDIUM

70mai 1S <= 20250611 - Unauthenticated Improper Authorization via Configuration Handler

CVE-2025-6099 MEDIUM

szluyu99 gin-vue-blog <61dd11ccd296e8642a318ada3ef7b3f7776d2410 - A...

CVE-2025-49580 HIGH

XWiki 7.4.5-16.4.6, 16.10.0-16.10.3, 17.0.0-rc-1-17.0.0 - Incorrect Privilege Assignment via Page Link Renaming

CVE-2025-4228 MEDIUM

Palo Alto Networks Cortex XDR Broker VM - Privilege Escalation

CVE-2025-4922 HIGH

Nomad 1.4.0-1.10.1 - Incorrect Privilege Assignment via Prefix-Based ACL Policy Lookup

CVE-2025-48129 CRITICAL

Holest Engineering Spreadsheet Price Changer <2.4.37 - Privilege Es...

CVE-2025-47561 HIGH

PT Norther Lights Production MapSVG <8.6.13 - Privilege Escalation

CVE-2025-23974 HIGH

ifkooo One-Login <1.4 - Privilege Escalation

CVE-2025-5791 HIGH

users crate >=0.8.0 - Privilege Escalation via Incorrect Group Listing

CVE-2025-48911 HIGH

Note Sharing Module - Privilege Escalation

CVE-2025-5649 MEDIUM

Student Result Management System 1.0 - Unauthenticated Privileged User Creation via Register Interface

CVE-2025-46204 MEDIUM

Unifiedtransform v2.0 - Privilege Escalation

CVE-2025-46203 MEDIUM

Unifiedtransform 2.0 - Privilege Escalation via /students/edit/{id} Endpoint

CVE-2025-5522 HIGH

bskms < dffe6640b5b54d8e29da6f060e0493fea74b3fad - Incorrect Privilege Assignment in User Creation Handler

CVE-2025-5511 MEDIUM

quequnlong shiyi-blog <1.2.1 - Info Disclosure

CVE-2025-5429 MEDIUM

juzaweb CMS < 3.4.2 - Improper Access Control in Plugins Page

CVE-2025-5428 MEDIUM

juzaweb CMS < 3.4.2 - Improper Access Control in Error Logs Page

CVE-2025-5427 MEDIUM

juzaweb CMS 3.4-3.4.2 - Improper Access Control in Permalinks Page

CVE-2025-5426 MEDIUM

juzaweb CMS < 3.4.2 - Improper Access Control in Menu Page

CVE-2025-5425 MEDIUM

juzaweb CMS < 3.4.2 - Improper Access Control in Theme Editor Page

Previous Page 20 of 37 Next

Details

Vulnerabilities 917

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy