CWE-266

Incorrect Privilege Assignment

Base | Draft

Description

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

CVEs mapped to this weakness (593)

  • CVE-2026-48172 | Cri | KEV | May 21, 2026
    risk 0.76 | cvss 9.8 | epss 0.19

    LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash.…

  • CVE-2024-28000 | Cri | Aug 21, 2024
    risk 0.74 | cvss 9.8 | epss 0.68

    Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache. This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1.

  • CVE-2025-34112 | Cri | Jul 15, 2025
    risk 0.73 | cvss | epss 0.02

    An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. A SQL injection vulnerability in the '/api/common/1.0/login' endpoint can be exploited to create a new user account in the…

  • CVE-2025-27007 | Cri | May 1, 2025
    risk 0.73 | cvss 9.8 | epss 0.50

    Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation. This issue affects OttoKit: from n/a through <= 1.0.82.

  • CVE-2024-24882 | Cri | May 17, 2024
    risk 0.68 | cvss 9.8 | epss 0.02

    Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system. This issue affects Masteriyo - LMS: from n/a through <= 1.7.2.

  • CVE-2024-54363 | Cri | Dec 16, 2024
    risk 0.67 | cvss 9.8 | epss 0.02

    Incorrect Privilege Assignment vulnerability in saiful.total Wp NssUser Register wp-nssuser-register allows Privilege Escalation. This issue affects Wp NssUser Register: from n/a through <= 1.0.0.

  • CVE-2025-47539 | Cri | May 23, 2025
    risk 0.66 | cvss 9.8 | epss 0.31

    Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation. This issue affects Eventin: from n/a through <= 4.0.26.

  • CVE-2026-23800 | Cri | Jan 16, 2026
    risk 0.65 | cvss 10.0 | epss 0.00

    Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation. This issue affects Modular DS: from 2.5.2 before 2.6.0.

  • CVE-2024-9479 | Cri | Nov 20, 2024
    risk 0.65 | cvss | epss 0.00

    Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation. This issue affects upKeeper Instant Privilege Access: before 1.2.

  • CVE-2024-9478 | Cri | Nov 20, 2024
    risk 0.65 | cvss | epss 0.00

    Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation. This issue affects upKeeper Instant Privilege Access: before 1.2.

  • CVE-2024-50485 | Cri | Oct 29, 2024
    risk 0.65 | cvss 9.8 | epss 0.01

    Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix exam-matrix allows Privilege Escalation. This issue affects Exam Matrix: from n/a through <= 1.5.

  • CVE-2026-39583 | Cri | Jun 15, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions.

  • CVE-2026-34901 | Cri | Jun 15, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions.

  • CVE-2026-49060 | Cri | Jun 11, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4.

  • CVE-2025-53209 | Cri | Jun 2, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0.

  • CVE-2026-48879 | Cri | Jun 1, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17.

  • CVE-2026-42680 | Cri | Jun 1, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1.

  • CVE-2026-42758 | Cri | May 27, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation. This issue affects WebinarIgnition: from n/a through < 4.08.253.

  • CVE-2026-42731 | Cri | May 27, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation. This issue affects miniorange otp verification: from n/a through <= 5.4.9.

  • CVE-2026-42368 | Cri | May 4, 2026
    risk 0.64 | cvss 9.9 | epss 0.00

    A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execution of a privileged operation. An attacker can visit a webpage to trigger this vulnerability.