Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-266

CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

926 vulnerabilities with CWE-266

CVE-2024-7480 MEDIUM

Avaya Aura System Manager 10.1.x.x and 10.2.x.x - Authenticated Arbitrary File Read via CLI

CVE-2024-41139 HIGH

SKYSEA Client View 6.010.06-19.210.04e - Privilege Escalation via DLL Placement

CVE-2024-40433 HIGH

Tencent WeChat <8.0.37 - Privilege Escalation

CVE-2024-36534 HIGH

hwameistor <0.14.3 - Privilege Escalation

CVE-2024-23794 MEDIUM

OTRS 8.0.X, 2023.X, 2024.X-2024.4.x - Privilege Escalation via Inline Editing Functionality

CVE-2024-37927 CRITICAL

NooTheme Jobmonster <4.7.0 - Privilege Escalation

CVE-2024-31315 HIGH

Android - Local Privilege Escalation via Notification Access Settings

CVE-2024-38278 MEDIUM

RUGGEDCOM Various - Info Disclosure

CVE-2024-37134 MEDIUM

Dell PowerScale OneFS 8.2.2-9.8.0.0 - Privilege Escalation to Root

CVE-2024-37132 MEDIUM

Dell PowerScale OneFS 8.2.2-9.8.0.0 - Denial of Service and Privilege Escalation

CVE-2024-31912 HIGH

IBM MQ 9.3 LTS and 9.3 CD - Authenticated Privilege Escalation via Incorrect Privilege Assignment

CVE-2024-27275 HIGH

IBM i 7.2-7.5 - Incorrect Privilege Assignment in Physical File Trigger Configuration

CVE-2024-0085 MEDIUM

NVIDIA vGPU < 13.11 and Cloud Gaming < 555.52.04 - Privilege Escalation

CVE-2024-36587 HIGH

DNSCrypt-proxy <2.1.5 - Privilege Escalation

CVE-2024-37293 HIGH

AWS Deployment Framework < 4.0.0 - Privilege Escalation via Bootstrap CodeBuild Role

CVE-2024-35700 CRITICAL

Userpro <= 5.1.8 - Unauthenticated Account Takeover via Incorrect Privilege Assignment

CVE-2024-4870 HIGH

Frontend Registration - Contact Form 7 <5.1 - Privilege Escalation

CVE-2024-32959 HIGH

Sirv <= 7.2.2 - Incorrect Privilege Assignment via Arbitrary Option Update

CVE-2024-32507 HIGH

Hamid Alinia - idehweb <1.7.16 - Privilege Escalation

CVE-2024-24882 CRITICAL

Masteriyo LMS <= 1.7.2 - Unauthenticated Privilege Escalation

CVE-2024-22145 HIGH

InstaWP Connect <0.1.0.8 - Privilege Escalation

CVE-2024-20389 HIGH

Cisco ConfD/Crosswork - Privilege Escalation

CVE-2024-31771 HIGH

TotalAV <6.0.740 - Privilege Escalation

CVE-2024-27460 MEDIUM

Plantronics Hub <3.25.1 - Privilege Escalation

CVE-2024-27273 HIGH

IBM AIX 7.2-7.3 and VIOS 3.1-4.1 - Privilege Escalation via Unix Domain Datagram Socket SO_PEERID Operation

Previous Page 32 of 38 Next

Details

Vulnerabilities 926

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy