Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-266

CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

926 vulnerabilities with CWE-266

CVE-2025-2992 MEDIUM

Tenda FH1202 1.2.0.14(408 - Improper Access Controls

CVE-2025-2991 MEDIUM

Tenda FH1202 1.2.0.14(408) - Info Disclosure

CVE-2025-2990 MEDIUM

Tenda FH1202 1.2.0.14(408) - Info Disclosure

CVE-2025-2989 MEDIUM

Tenda FH1202 1.2.0.14(408) - Info Disclosure

CVE-2025-2955 MEDIUM

TOTOLINK A3000RU <5.9c.5185 - Improper Access Controls

CVE-2025-2954 LOW

mannaandpoem OpenManus <2025.3.13 - Improper Access Controls

CVE-2025-2713 HIGH

gVisor < 20240325.0 - Local Privilege Escalation via File Access Permission Mishandling

CVE-2025-26512 CRITICAL

SnapCenter < 6.0.1P1 and < 6.1P1 - Authenticated Privilege Escalation to Admin via Plug-in

CVE-2025-2688 MEDIUM

TOTOLINK A3000RU <5.9c.5185 - Improper Access Controls

CVE-2025-2686 MEDIUM

mingyuefusu <d4836f6b49cd0ac79a4021b15ce99ff7229d4694 - Improper Ac...

CVE-2025-2653 MEDIUM

FoxCMS 1.25 - Improper Authorization

CVE-2025-2639 MEDIUM

jizhicms < 1.7 - Improper Authorization in Article Handler

CVE-2025-2638 MEDIUM

jizhicms < 1.7 - Incorrect Privilege Assignment in Article Handler

CVE-2025-2637 MEDIUM

jizhicms < 1.7 - Improper Authorization via Account Profile Page Jifen Parameter

CVE-2025-2589 MEDIUM

code-projects Human Resource Management System 1.0.1 - Incorrect Privilege Assignment via user_cookie Argument

CVE-2025-2557 MEDIUM

Audi UTR Dashcam <2.89-2.90 - Improper Access Controls

CVE-2025-2553 MEDIUM

D-Link DIR-618 and DIR-605L - Improper Access Control in Virtual Server Configuration

CVE-2025-2552 MEDIUM

D-Link DIR-618 and DIR-605L 2.02/3.02 - Improper Access Control in formTcpipSetup

CVE-2025-2551 MEDIUM

D-Link DIR-618 and DIR-605L - Improper Access Control in /goform/formSetPortTr

CVE-2025-2550 MEDIUM

D-Link DIR-618 and DIR-605L 2.02/3.02 - Improper Access Control in DDNS Service

CVE-2025-2549 MEDIUM

D-Link DIR-618 and DIR-605L 2.02/3.02 - Improper Access Control via formSetPassword

CVE-2025-2548 MEDIUM

D-Link DIR-618 and DIR-605L - Improper Access Control in formSetDomainFilter

CVE-2025-2547 MEDIUM

D-Link DIR-618 and DIR-605L - Improper Access Control in /goform/formAdvNetwork

CVE-2025-2546 MEDIUM

D-Link DIR-618 and DIR-605L - Improper Access Control in Firewall Service

CVE-2025-0628 HIGH

BerriAI/litellm - Privilege Escalation

Previous Page 25 of 38 Next

Details

Vulnerabilities 926

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy