Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-266

CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

914 vulnerabilities with CWE-266

CVE-2026-10218 MEDIUM

nextlevelbuilder GoClaw evolution_handlers.go auth improper authorization

CVE-2026-10217 MEDIUM

nextlevelbuilder GoClaw RoleAdmin Gateway tts_config.go handleSave privileges management

CVE-2026-10215 MEDIUM

Dolibarr ERP CRM Leave Request REST API api_holidays.class.php checkUserAccessToObject improper authorization

CVE-2026-10152 MEDIUM

TaleLin lin-cms-spring-boot book Endpoint BookController.java access control

CVE-2026-10070 MEDIUM

macrozheng mall Super Admin Password update improper authorization

CVE-2026-35671 HIGH

phpMyFAQ - Insecure Direct Object Reference in User Password API

CVE-2026-9795 HIGH

Keycloak: keycloak: privilege escalation via improper scope mapping enforcement

CVE-2026-42758 CRITICAL

WordPress WebinarIgnition plugin < 4.08.253 - Privilege Escalation vulnerability

CVE-2026-42731 CRITICAL

WordPress miniorange otp verification plugin <= 5.4.9 - Privilege Escalation vulnerability

CVE-2026-9604 MEDIUM

JeecgBoot AiragModelController access control

CVE-2026-9581 MEDIUM

JeecgBoot add access control

CVE-2026-9580 HIGH

JeecgBoot selectDepart LoginController.selectDepart access control

CVE-2026-9579 MEDIUM

JeecgBoot SysUser userEdit user.getUsername access control

CVE-2026-9562 HIGH

sambitraj STUDENT-MANAGEMENT-SYSTEM Dashboard access control

CVE-2026-9517 HIGH

hemant6488 CodeIgniter-StudentManagementSystem Student Management addStudentView access control

CVE-2026-45216 HIGH

WordPress Smart Manager plugin <= 8.85.0 - Privilege Escalation vulnerability

CVE-2026-9484 MEDIUM

SourceCodester Student Grades Management System classroom.php removeStudentFromClassroom improper authorization

CVE-2026-9483 MEDIUM

SourceCodester Student Grades Management System grades.php improper authorization

CVE-2026-9412 MEDIUM

SourceCodester Indian Invoicing System Backend Endpoint access control

CVE-2026-9410 MEDIUM

Sushmi-pal Invoice-System Profile Workflow profile improper authorization

CVE-2026-9409 MEDIUM

Sushmi-pal Invoice-System User Management user improper authorization

CVE-2026-9397 HIGH

Besen BS20 EV Charging Station OTA Update Installation improper authorization

CVE-2026-9376 MEDIUM

JPress UCenter Article Submission Endpoint doWriteSave improper authorization

CVE-2026-48172 CRITICAL KEV

LiteSpeed cPanel Plugin < 2.4.5 - Privilege Escalation via Redis Feature Mishandling

CVE-2026-22315 HIGH

Mesalvo Meona Client Launcher <= 19.06.2020 & Server <= 2025.04 - Unprotected User Data Exposure

Previous Page 3 of 37 Next

Details

Vulnerabilities 914

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy