Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-266

CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

926 vulnerabilities with CWE-266

CVE-2022-4232 MEDIUM

SourceCodester Event Registration System 1.0 - Unrestricted File Upload via cmd Argument

CVE-2022-3944 MEDIUM

ERP - Unrestricted File Upload in Commodity Management

CVE-2022-3826 MEDIUM

Huaxia ERP - Information Disclosure via Retail Management Search Parameter

CVE-2022-42825 MEDIUM

iPadOS < 16.0 - Unauthorized File System Modification via Entitlement Misconfiguration

CVE-2022-3771 MEDIUM

easyiicms - Unrestricted File Upload in Upload.php File Helper

CVE-2022-3770 MEDIUM

Yunjing CMS - Unrestricted File Upload via /index/user/upload_img.html

CVE-2022-3735 MEDIUM

ehoney - Incorrect Privilege Assignment in /api/public/signup

CVE-2022-3549 MEDIUM

SourceCodester Simple Cold Storage Management System 1.0 - Unrestri...

CVE-2022-3496 MEDIUM

SourceCodester Human Resource Management System 1.0 - Incorrect Privilege Assignment in Admin Panel

CVE-2022-3458 MEDIUM

SourceCodester Human Resource Management System 1.0 - Unrestricted File Upload in Image File Handler

CVE-2022-3436 MEDIUM

Web-Based Student Clearance System 1.0 - Unrestricted File Upload in Photo Handler

CVE-2022-2637 MEDIUM

Hitachi Storage Plug-in for VMware vCenter 04.8.0-04.8.9 - Authenticated Privilege Escalation

CVE-2022-20855 HIGH

Cisco IOS XE for Embedded Wireless Controllers - Authenticated OS Command Injection via Self-Healing Functionality

CVE-2022-2626 HIGH

GitHub hestiacp/hestiacp <1.6.6 - Privilege Escalation

CVE-2022-1746 HIGH

Dominion Voting Systems ImageCast X - Incorrect Privilege Assignment

CVE-2022-20819 MEDIUM

Cisco Identity Services Engine - Authenticated Sensitive Information Exposure via Web Management Interface

CVE-2022-20759 HIGH

Cisco ASA/FTD - Privilege Escalation

CVE-2022-20681 HIGH

Cisco IOS XE - Privilege Escalation

CVE-2022-20782 MEDIUM

Cisco Identity Services Engine - Authenticated Sensitive Information Exposure via Web Interface

CVE-2022-1225 MEDIUM

phpipam < 1.4.6 - Incorrect Privilege Assignment

CVE-2021-47799 MEDIUM

Visual Tools DVR VX16 <4.2.28 - Privilege Escalation

CVE-2021-47241 HIGH

Linux Kernel - Incorrect Privilege Assignment in Ethtool String Set Message Length Calculation

CVE-2021-40124 MEDIUM

Cisco Anyconnect Secure Mobility Client < 4.10.03104 - Improper Privilege Management

CVE-2021-40123 MEDIUM

Cisco Identity Services Engine - Authenticated Arbitrary File Download via Web Interface

CVE-2021-36097 LOW

OTRS <8.0.16 - Privilege Escalation

Previous Page 35 of 38 Next

Details

Vulnerabilities 926

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy