Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-266

CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

926 vulnerabilities with CWE-266

CVE-2024-9180 HIGH

OpenBao < 2.0.3 and Vault 1.17.7-1.17.6, 1.18.0-1.17.9, <1.18.0 - Privilege Escalation via Identity Endpoint

CVE-2024-9519 HIGH

UserPlus < 2.0 - Authenticated Privilege Escalation via Registration Form Role Update

CVE-2024-48941 MEDIUM

Syracom Secure Login < 3.1.4.5 - Two-Factor Authentication Bypass via /rest Endpoint

CVE-2024-47653 MEDIUM

Shilpi Client Dashboard - Privilege Escalation

CVE-2024-25660 CRITICAL

Nokia Transcend Network Management Sy... - Incorrect Privilege Assignment

CVE-2024-25632 HIGH

eLabFTW <5.0.0 - Privilege Escalation

CVE-2024-46511 HIGH

LoadZilla LLC LoadLogic <1.4.3 - RCE

CVE-2024-46540 MEDIUM

emlog < 2.3.15 - Remote Code Execution via /admin/store.php File Download

CVE-2024-9082 MEDIUM

SourceCodester Online Eyewear Shop 1.0 - Incorrect Privilege Assignment in User Creation Handler

CVE-2024-22303 HIGH

Houzez <3.2.4 - Privilege Escalation

CVE-2024-21743 HIGH

Houzez Login Register <3.2.5 - Privilege Escalation

CVE-2024-8253 HIGH

Post Grid and Gutenberg Blocks <2.2.90 - Privilege Escalation

CVE-2024-40681 HIGH

IBM MQ 9.1-9.4 - Authenticated Privilege Escalation via Queue Manager Security Bypass

CVE-2024-39579 MEDIUM

Dell PowerScale OneFS 8.2.2.x-9.8.0.0 - Privilege Escalation to Root

CVE-2024-4555 HIGH

OpenText NetIQ Access Manager < 5.0.4.1 and < 5.1 - User Account Impersonation

CVE-2024-45187 HIGH

Mage AI - Unauthenticated Remote Code Execution via Deleted User Privilege Escalation

CVE-2024-39576 HIGH

Dell Power Manager < 3.16.0 - Incorrect Privilege Assignment

CVE-2024-20466 MEDIUM

Cisco Identity Services Engine - Authenticated Sensitive Information Exposure via Web Management Interface

CVE-2024-28000 CRITICAL

WordPress LiteSpeed Cache - Unauthenticated Privilege Escalation to Admin

CVE-2024-6322 MEDIUM

Grafana 11.1.0-11.1.1 and 11.1.2-11.1.3 - Incorrect Privilege Assignment via ReqActions Bypass

CVE-2024-34738 HIGH

Android - Incorrect Privilege Assignment in AppOpsService

CVE-2024-25633 MEDIUM

elabftw 4.4.0-4.9.9 - Unauthenticated Privilege Escalation via User Account Creation

CVE-2024-42441 MEDIUM

Zoom Workplace Desktop App <6.1.5 - Privilege Escalation

CVE-2024-43153 CRITICAL

Woffice <5.4.10 - Privilege Escalation

CVE-2024-6758 MEDIUM

Sprecher Automation SPRECON-E <8.71j - Privilege Escalation

Previous Page 31 of 38 Next

Details

Vulnerabilities 926

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy