VYPR

CWE-266

Incorrect Privilege Assignment

BaseDraft

Description

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Hierarchy (View 1000)

CVEs mapped to this weakness (593)

page 11 of 30
  • CVE-2026-6105HigApr 11, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component doInstall Interface. The manipulation leads to improper authorization. The…

  • CVE-2026-5642HigApr 6, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown function of the file /viva/update.php of the component HTTP POST Request Handler. This manipulation of the argument Name causes improper…

  • CVE-2026-5569HigApr 5, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Impacted is an unknown function of the file /Technostrobe/ of the component Endpoint. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been…

  • CVE-2026-5526HigApr 4, 2026
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The…

  • CVE-2026-4990HigMar 27, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The…

  • CVE-2026-4617HigMar 24, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/api_patient_checkin.php of the component Patient Check-In Module. Executing a manipulation can lead to improper…

  • CVE-2026-4194HigMar 16, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element…

  • CVE-2026-4193HigMar 16, 2026
    risk 0.47cvss 7.3epss 0.01

    A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function GetDDNSSettings/GetDeviceDomainName/GetDeviceSettings/GetDMZSettings/GetFirewallSettings/GetGuestNetworkSettings/GetLanWanConflictInfo/GetLocalMacAddress/GetNetworkSetting…

  • CVE-2026-4180HigMar 16, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redirect.asp of the component goahead. The manipulation of the argument token_id leads to improper access controls. The attack may be initiated remotely. The…

  • CVE-2026-3764HigMar 8, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unknown function of the file /superadmin_user_update.php. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has…

  • CVE-2026-3762HigMar 8, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmin_delete_manager.php of the component Endpoint. The manipulation of the argument manager_id leads to improper authorization. It is…

  • CVE-2026-3734HigMar 8, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetch_manager_details.php of the component Endpoint. This manipulation of the argument manager_id causes improper authorization. The attack can be…

  • CVE-2026-27541HigMar 5, 2026
    risk 0.47cvss 7.2epss 0.00

    Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through <= 2.2.6.

  • CVE-2026-24963HigMar 5, 2026
    risk 0.47cvss 7.2epss 0.00

    Incorrect Privilege Assignment vulnerability in ameliabooking Amelia ameliabooking allows Privilege Escalation.This issue affects Amelia: from n/a through <= 1.2.38.

  • CVE-2026-2983HigFeb 23, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in SourceCodester Student Result Management System 1.0. The impacted element is an unknown function of the file /admin/core/import_users.php of the component Bulk Import. This manipulation of the argument File causes improper access controls.…

  • CVE-2026-2938HigFeb 22, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulation leads to improper access controls. It is possible to initiate the attack…

  • CVE-2026-2896HigFeb 22, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely.…

  • CVE-2025-69378HigFeb 20, 2026
    risk 0.47cvss 7.2epss 0.00

    Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through <= 9.1.2.

  • CVE-2026-2668HigFeb 18, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls. The attack may be…

  • CVE-2026-2549HigFeb 16, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in zhanghuanhao LibrarySystem 图书馆管理系统 up to 1.1.1. This impacts an unknown function of the file BookController.java. The manipulation leads to improper access controls. The attack is possible to be carried out remotely. The exploit…