CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

926 vulnerabilities with CWE-266
CVE-2024-9479 CRITICAL
upKeeper Instant Privilege Access <1.2 - Privilege Escalation
CVE-2024-9478 CRITICAL
upKeeper Instant Privilege Access <1.2 - Privilege Escalation
CVE-2024-52442 CRITICAL
Userplus <2.0 - Privilege Escalation
CVSS 9.8
CVE-2024-11306 MEDIUM
Altenergy Power Control Software <20241108 - Auth Bypass
CVSS 5.3
CVE-2024-10978 MEDIUM
PostgreSQL <12.21,13.17,14.14,15.9,16.5,17.1 Privilege Assignment Flaw via SET ROLE/SESSION AUTHORIZATION
CVSS 4.2
CVE-2024-9476 MEDIUM
Grafana Labs Grafana OSS/Enterprise - Privilege Escalation
CVE-2024-29119 HIGH
Spectrum Power 7 < V24Q3 - Authenticated Privilege Escalation via SUID Binaries
CVSS 7.8
CVE-2024-47595 MEDIUM
SAP Host Agent - Incorrect Privilege Assignment
CVSS 6.3
CVE-2024-11073 MEDIUM
Hospital Management System 1.0 - Unauthenticated IDOR via Patient ID
CVSS 4.3
CVE-2024-45759 MEDIUM
Dell PowerProtect Data Domain < 7.7.5.50 - Privilege Escalation via System Config Overwrite
CVSS 6.8
CVE-2024-10766 MEDIUM
Free Exam Hall Seating Management System 1.0 - Unrestricted File Upload via Image Argument in save_user.php
CVSS 6.3
CVE-2024-10765 MEDIUM
Codezips Online Institute Management System <= 1.0 - Unrestricted File Upload via Profile Image Parameter
CVSS 6.3
CVE-2024-10764 MEDIUM
Codezips Online Institute Management System 1.0 - Unrestricted File Upload via Image Parameter in save_user.php
CVSS 6.3
CVE-2024-10654 MEDIUM
TOTOLINK LR350 <= 9.3.5u.6369 - Authorization Bypass via authCode Parameter
CVSS 5.3
CVE-2024-50506 HIGH
Azexo Marketing Automation <1.27.80 - Privilege Escalation
CVSS 8.8
CVE-2024-50504 HIGH
Matt Whiteman Bulk Change Role <1.1 - Privilege Escalation
CVSS 8.8
CVE-2024-50550 HIGH
LiteSpeed Cache <= 6.5.1 - Privilege Escalation via Incorrect Privilege Assignment
CVSS 8.1
CVE-2024-50485 CRITICAL
Udit Rawat Exam Matrix <1.5 - Privilege Escalation
CVSS 9.8
CVE-2024-50481 HIGH
Stack Themes Bstone Demo Importer <1.0.1 - Privilege Escalation
CVSS 8.8
CVE-2024-47904 HIGH
InterMesh 7177 Hybrid 2.0 < 8.2.12 & 7707 Fire < 7.2.12 - Privilege Escalation via SUID Binary
CVSS 7.8
CVE-2024-49608 HIGH
GERRYWORKS Post by Mail - Privilege Escalation
CVSS 8.8
CVE-2024-49322 CRITICAL
CodePassenger Job Board Manager - Privilege Escalation
CVSS 9.8
CVE-2024-49219 HIGH
themexpo RS-Members <= 1.0.3 - Privilege Escalation via Incorrect Privilege Assignment
CVSS 8.8
CVE-2024-49217 CRITICAL
Adding drop down roles in registration <= 1.1 - Privilege Escalation
CVSS 9.8
CVE-2024-9863 CRITICAL
UserPro plugin <3.6.0 - Privilege Escalation
CVSS 9.8