Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-266

CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

917 vulnerabilities with CWE-266

CVE-2025-39542 HIGH

Jauhari Xelion Xelion Webchat <9.1.0 - Privilege Escalation

CVE-2025-32648 CRITICAL

Projectopia <5.1.16 - Privilege Escalation

CVE-2025-3675 MEDIUM

TOTOLINK A3700R 9.1.2u.5822_B20200513 - Improper Access Control in setL2tpServerCfg

CVE-2025-3674 MEDIUM

TOTOLINK A3700R 9.1.2u.5822_B20200513 - Improper Access Control in setUrlFilterRules Function

CVE-2025-3668 MEDIUM

TOTOLINK A3700R 9.1.2u.5822_B20200513 - Improper Access Control in setScheduleCfg Function

CVE-2025-3667 MEDIUM

TOTOLINK A3700R 9.1.2u.5822_B20200513 - Improper Access Control in setUPnPCfg Function

CVE-2025-3666 MEDIUM

TOTOLINK A3700R 9.1.2u.5822_B20200513 - Improper Access Control in setDdnsCfg Function

CVE-2025-3665 MEDIUM

TOTOLINK A3700R 9.1.2u.5822_B20200513 - Improper Access Control in setSmartQosCfg

CVE-2025-3664 MEDIUM

TOTOLINK A3700R 9.1.2u.5822_B20200513 - Improper Access Control in setWiFiEasyGuestCfg

CVE-2025-3663 MEDIUM

TOTOLINK A3700R 9.1.2u.5822_B20200513 - Improper Access Control in Password Handler

CVE-2025-3587 MEDIUM

ZeroWdd studentmanager 1.0 - Improper Authorization via /getTeacherList

CVE-2025-3569 MEDIUM

JamesZBL db-hospital-drug 1.0 - Improper Authorization in ShiroConfig.java

CVE-2025-3567 MEDIUM

Echo 4.2 - Incorrect Privilege Assignment in LoginTicketInterceptor

CVE-2025-3564 MEDIUM

huanfenz StudentManager <= 1.0 - Improper Authorization in Teacher String Handler

CVE-2025-3550 MEDIUM

wowjoy Internet Doctor Workstation System 1.0 - Info Disclosure

CVE-2025-3537 MEDIUM

Tutorials-Website Employee Management System 1.0 - Improper Authorization via ID Parameter in /admin/update-user.php

CVE-2025-3536 MEDIUM

Tutorials-Website Employee Management System 1.0 - Improper Authorization in Delete User Function

CVE-2025-23391 CRITICAL

Rancher 2.8.0-2.8.13, 2.9.0-2.9.7, 2.10.0-2.10.3 - Authenticated Privilege Escalation via Administrator Password Change

CVE-2025-32491 CRITICAL

Rankology SEO <2.2.3 - Privilege Escalation

CVE-2025-31524 HIGH

NotFound WP User Profiles <2.6.2 - Privilege Escalation

CVE-2025-32695 CRITICAL

Mestres do WP Checkout Mestres WP <8.7.5 - Privilege Escalation

CVE-2025-25023 MEDIUM

IBM Security Guardium <12.1 - Info Disclosure

CVE-2025-23407 MEDIUM

Wi-Fi AP UNIT AC-WPS-11ac - Privilege Escalation

CVE-2025-3398 MEDIUM

Lenve VBlog <1.0.0 - Improper Access Controls

CVE-2025-3325 MEDIUM

iteaj iboot 1.1.3 - Improper Access Control in Admin Password Handler

Previous Page 23 of 37 Next

Details

Vulnerabilities 917

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy