Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-266

CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

926 vulnerabilities with CWE-266

CVE-2025-2397 LOW

China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P...

CVE-2025-2360 HIGH

D-Link DIR-823G 1.0.2B05_20181207 - Incorrect Privilege Assignment via SetUpnpSettings SOAPAction

CVE-2025-2359 HIGH

D-Link DIR-823G 1.0.2B05_20181207 - Incorrect Privilege Assignment via SetDDNSSettings SOAPAction

CVE-2025-2345 CRITICAL

IROAD Dash Cam X5-X6 <20250308 - Auth Bypass

CVE-2025-2334 MEDIUM

springboot-openai-chatgpt e84f6f5 - Improper Access Control in Chat History Handler

CVE-2025-1653 HIGH

uListing < 2.2.0 - Authenticated Privilege Escalation via stm_listing_profile_edit AJAX Action

CVE-2025-2320 HIGH

springboot-openai-chatgpt - Improper Authorization in User Handler Submit Function

CVE-2025-2218 MEDIUM

LoveCards 2.1.1-2.3.2 - Unauthenticated Improper Access Control in Setting Handler

CVE-2025-2121 MEDIUM

Thinkware Car Dashcam F800 Pro <20250226 - Info Disclosure

CVE-2025-2114 LOW

Shenzhen Sixun Software Sixun Shanghui Group Business Management Sy...

CVE-2025-2090 MEDIUM

PHPGurukul Pre-School Enrollment System 1.0 - Improper Access Control in Sub Admin Handler

CVE-2025-2089 MEDIUM

starsea-mall 1.0/2.X - Improper Access Control via UserController updateUserInfo

CVE-2025-21092 MEDIUM

GMOD Apollo < 2.8.0 - Privilege Escalation via Insufficient Access Checks

CVE-2025-1881 MEDIUM

i-Drive i11-i12 <20250227 - Improper Access Controls

CVE-2025-1847 MEDIUM

zframeworks zz < 2024-8 - Improper Authorization

CVE-2025-1815 HIGH

pbrong hrms <= 1.0.1 - Improper Authorization via User Cookie Manipulation

CVE-2025-1806 MEDIUM

Eastnets PaymentSafe <2.5.26.0 - Auth Bypass

CVE-2025-25767 MEDIUM

MRCMS 3.1.2 - Incorrect Privilege Assignment via UserController

CVE-2025-26523 HIGH

RupeeWeb < 66.9 - Authenticated Incorrect Privilege Assignment via API Endpoints

CVE-2025-1226 MEDIUM

yimioa < 2024-07-04 - Improper Authorization in /oa/setup/setup.jsp

CVE-2025-1078 MEDIUM

AppHouseKitchen AlDente Charge Limiter <1.29 - Privilege Escalation

CVE-2025-24648 HIGH

wpase.com ASE <7.6.2.1 - Privilege Escalation

CVE-2025-0849 MEDIUM

CampCodes School Management Software 1.0 - Unauthenticated Privilege Escalation via Staff Handler

CVE-2025-0802 HIGH

SourceCodester Best Employee Management System 1.0 - Info Disclosure

CVE-2025-0797 LOW

MicroWorld eScan Antivirus 7.0.32 - Info Disclosure

Previous Page 26 of 38 Next

Details

Vulnerabilities 926

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy