Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-266

CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

914 vulnerabilities with CWE-266

CVE-2026-7109 MEDIUM

code-projects Invoice System in Laravel API Endpoint item improper authorization

CVE-2026-7093 MEDIUM

code-projects Invoice System in Laravel Invoice Endpoint invoice improper authorization

CVE-2026-7092 MEDIUM

code-projects Invoice System in Laravel Profile profile improper authorization

CVE-2026-7091 MEDIUM

code-projects Invoice System in Laravel User Management user improper authorization

CVE-2026-6977 HIGH

vanna-ai vanna Legacy Flask API improper authorization

CVE-2026-33519 CRITICAL

Incorrect privilege assignment in Portal for ArcGIS

CVE-2026-33518 CRITICAL

Incorrect privilege assignment in Portal for ArcGIS

CVE-2026-40869 HIGH

Decidim amendments can be accepted or rejected by anyone

CVE-2026-6634 MEDIUM

usememos UpdateInstanceSetting App.tsx memos_access_token improper authorization

CVE-2026-6609 MEDIUM

liangliangyy DjangoBlog views.py form_valid improper authorization

CVE-2026-6572 MEDIUM

Collabora KodExplorer fileUpload Endpoint share.class.php improper authorization

CVE-2026-6564 MEDIUM

EMQ EMQX Enterprise Session Handling improper authorization

CVE-2026-27668 HIGH

Siemens RUGGEDCOM CROSSBOW SAM-P <V5.8 - Privilege Escalation

CVE-2026-6201 MEDIUM

CodeAstro Online Job Portal Delete Job Posting job-delete.php access control

CVE-2026-6105 HIGH

perfree go-fastdfs-web doInstall InstallController.java improper authorization

CVE-2026-5999 MEDIUM

JeecgBoot SysAnnouncementController improper authorization

CVE-2026-27102 MEDIUM

Dell PowerScale OneFS 9.5.0.0-9.10.1.6/9.11.0.0-9.13.0.1 - Privilege Escalation

CVE-2026-5642 HIGH

Cyber-III Student-Management-System HTTP POST Request update.php improper authorization

CVE-2026-5569 HIGH

Technostrobe HI-LED-WR120-G2 Endpoint access control

CVE-2026-5529 MEDIUM

Dromara lamp-cloud DefUserController pageUser improper authorization

CVE-2026-5526 HIGH

Tenda 4G03 Pro httpd access control

CVE-2026-5484 MEDIUM

BookStackApp BookStack Chapter Export ExportFormatter.php chapterToMarkdown access control

CVE-2026-5330 MEDIUM

SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control

CVE-2026-5312 MEDIUM

D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control

CVE-2026-5311 MEDIUM

D-Link DNS-1550-04 file_center.cgi Webdav_Access_List access control

Previous Page 5 of 37 Next

Details

Vulnerabilities 914

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy