Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-266

CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

917 vulnerabilities with CWE-266

CVE-2025-3744 HIGH

Nomad Enterprise < 1.8.13 - Policy Override Bypass in Job Submissions

CVE-2025-40571 LOW

Mendix OIDC SSO <4.1.0, <4.0.1, <3.3.0 - Privilege Escalation

CVE-2025-4374 MEDIUM

Red Hat Quay < 3.14.0 - Incorrect Privilege Assignment via Proxy Cache Repository Creation

CVE-2025-2898 HIGH

IBM Maximo Application Suite 9.0 - Privilege Escalation via RBAC Misconfiguration

CVE-2025-4269 MEDIUM

TOTOLINK A720R 4.1.5cu.374 - Improper Access Controls

CVE-2025-3517 MEDIUM

Devolutions Server < 2025.1.6.0 - Privilege Escalation via PAM JIT Username Update

CVE-2025-27007 CRITICAL

OttoKit < 1.0.83 - SureTriggers allows Privilege Escalation

CVE-2025-4136 MEDIUM

Weitong Mall 1.0.0 - Improper Authorization via Sale Endpoint ID Parameter

CVE-2025-4119 MEDIUM

Weitong Mall 1.0.0 - Improper Access Control in Product Statistics Handler

CVE-2025-4118 MEDIUM

Weitong Mall 1.0.0 - Improper Access Control in Product History Handler

CVE-2025-4067 MEDIUM

ScriptAndTools Online-Travling-System 1.0 - Improper Access Control in /admin/viewpackage.php

CVE-2025-4066 HIGH

ScriptAndTools Online-Travling-System 1.0 - Improper Access Control in /admin/addpackage.php

CVE-2025-4065 HIGH

ScriptAndTools Online-Travling-System 1.0 - Improper Access Control in /admin/addadvertisement.php

CVE-2025-4064 MEDIUM

ScriptAndTools Online-Travling-System 1.0 - Improper Access Control in /admin/viewenquiry.php

CVE-2025-4036 MEDIUM

xxyopen novel 3.5.0 - Improper Access Control in AuthorController updateBookChapter

CVE-2025-4017 MEDIUM

novel-plus < 5.1.1 - Improper Authorization in LogController

CVE-2025-4016 MEDIUM

novel-plus < 5.1.1 - Improper Authorization in LogController deleteIndex Function

CVE-2025-3981 MEDIUM

wowjoy Internet Doctor Workstation System 1.0 - Info Disclosure

CVE-2025-3980 MEDIUM

wowjoy Internet Doctor Workstation System 1.0 - Auth Bypass

CVE-2025-3977 MEDIUM

iteachyou Dreamer CMS <4.1.3 - Info Disclosure

CVE-2025-3967 MEDIUM

itwanger paicoding 1.0.3 - Auth Bypass

CVE-2025-2850 LOW

GL.iNet Various - Path Traversal

CVE-2025-32980 CRITICAL

NETSCOUT nGeniusONE <6.4.0 P11 b3245 - Info Disclosure

CVE-2025-2470 CRITICAL

Service Finder Bookings - Privilege Escalation

CVE-2025-3790 MEDIUM

Apache Druid Monitoring Console - Improper Access Controls

Previous Page 22 of 37 Next

Details

Vulnerabilities 917

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy