Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-266

CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

926 vulnerabilities with CWE-266

CVE-2023-21269 HIGH

Android - Local Privilege Escalation via Background Activity PiP Mode Bypass

CVE-2023-30691 HIGH

Samsung Android - Privilege Escalation via Parcel Mismatch in AuthenticationConfig

CVE-2023-30680 HIGH

Samsung Android - Incorrect Privilege Assignment in MMIGroup

CVE-2023-3518 HIGH

HashiCorp Consul <1.16.1 - Privilege Escalation

CVE-2023-39173 MEDIUM

JetBrains TeamCity <2023.05.2 - Privilege Escalation

CVE-2023-3300 MEDIUM

HashiCorp Nomad <1.5.6-1.4.1 - Info Disclosure

CVE-2023-3072 MEDIUM

HashiCorp Nomad <1.5.6-1.4.10 - Info Disclosure

CVE-2023-3114 MEDIUM

Terraform Enterprise <202306-1 - Privilege Escalation

CVE-2023-28956 HIGH

IBM Spectrum Protect Backup-Archive Client <8.1.17.2 - Privilege Es...

CVE-2023-2485 MEDIUM

GitLab 14.1-15.10.7, 15.11-15.11.6, 16.0-16.0.1 - Incorrect Privilege Assignment via Project Member Import

CVE-2023-2816 HIGH

Consul 1.15.0-1.15.3 - Incorrect Privilege Assignment via Envoy Extension Downstream Proxy Configuration

CVE-2023-1174 CRITICAL

minikube - Unauthenticated Unexpected Remote Access via Exposed Network Port

CVE-2023-1874 HIGH

WP Data Access <5.3.7 - Privilege Escalation

CVE-2023-20957 HIGH

Android - Local Privilege Escalation via SettingsPreferenceFragment Confused Deputy

CVE-2023-25591 HIGH

ClearPass Policy Manager - Authenticated Information Disclosure via Web Management Interface

CVE-2022-50927 MEDIUM

Cyclades Serial Console Server 3.3.0 - Privilege Escalation

CVE-2022-4441 HIGH

Hitachi Storage Plug-in for VMware vCenter 04.9.0 - Authenticated Privilege Escalation

CVE-2022-4041 MEDIUM

Hitachi Storage Plug-in for VMware vCenter <4.9.1 - Privilege Escal...

CVE-2022-4613 MEDIUM

Click Studios Passwordstate - Auth Bypass

CVE-2022-3876 MEDIUM

Click Studios Passwordstate - Auth Bypass

CVE-2022-4281 MEDIUM

Facepay 1.0 - Authorization Bypass via userId Parameter

CVE-2022-4280 MEDIUM

Dot Tech Smart Campus System - Information Disclosure via findUser Endpoint

CVE-2022-4276 MEDIUM

House Rental System - Unrestricted File Upload via tenant-engine.php id_photo Parameter

CVE-2022-4273 HIGH

SourceCodester Human Resource Management System 1.0 - Unrestricted File Upload via pfimg Argument

CVE-2022-4272 MEDIUM

Warehouse Management System - Unrestricted File Upload

Previous Page 34 of 38 Next

Details

Vulnerabilities 926

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy