CWE-266
Incorrect Privilege Assignment
Description
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Hierarchy (View 1000)
CVEs mapped to this weakness (593)
page 15 of 30| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-9412 | Med | 0.41 | 6.3 | 0.00 | May 25, 2026 | A vulnerability was determined in SourceCodester Indian Invoicing System 1.0. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access controls. The attack can be launched remotely. The exploit has been publicly… | ||
| CVE-2026-9376 | Med | 0.41 | 6.3 | 0.00 | May 24, 2026 | A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization.… | ||
| CVE-2026-8747 | Med | 0.41 | 6.3 | 0.00 | May 17, 2026 | A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zb_system/function/c_system_event.php of the component Commend Approval Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The… | ||
| CVE-2026-8127 | Med | 0.41 | 6.3 | 0.00 | May 8, 2026 | A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been… | ||
| CVE-2026-7709 | Med | 0.41 | 6.3 | 0.00 | May 3, 2026 | A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generate_auth_token of the file cps/kobo_auth.py of the component Endpoint. Such manipulation of the argument user_id leads to improper authorization. The attack may be… | ||
| CVE-2026-7093 | Med | 0.41 | 6.3 | 0.00 | Apr 27, 2026 | A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The… | ||
| CVE-2026-7092 | Med | 0.41 | 6.3 | 0.00 | Apr 27, 2026 | A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The… | ||
| CVE-2026-7091 | Med | 0.41 | 6.3 | 0.00 | Apr 27, 2026 | A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been… | ||
| CVE-2026-6634 | — | Med | 0.41 | 6.3 | 0.00 | Apr 20, 2026 | A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_access_token of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The… | |
| CVE-2026-6609 | — | Med | 0.41 | 6.3 | 0.00 | Apr 20, 2026 | A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function form_valid of the file oauth/views.py. This manipulation of the argument oauthid causes improper authorization. The attack may be initiated remotely. The exploit has been… | |
| CVE-2026-4548 | — | Med | 0.41 | 6.3 | 0.00 | Mar 22, 2026 | A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be… | |
| CVE-2026-4013 | Med | 0.41 | 6.3 | 0.00 | Mar 12, 2026 | A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add_admin.php. Such manipulation leads to improper authorization. The attack may be launched remotely. | ||
| CVE-2026-3738 | Med | 0.41 | 6.3 | 0.00 | Mar 8, 2026 | A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit is… | ||
| CVE-2026-3737 | Med | 0.41 | 6.3 | 0.00 | Mar 8, 2026 | A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file add_user.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be launched remotely.… | ||
| CVE-2026-3724 | Med | 0.41 | 6.3 | 0.00 | Mar 8, 2026 | A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patient_id causes improper authorization. It is possible to initiate the attack… | ||
| CVE-2026-3265 | Med | 0.41 | 6.3 | 0.00 | Feb 26, 2026 | A vulnerability was identified in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. This affects an unknown part of the file /api/Security/ of the component Security API. The manipulation leads to improper authorization. The attack is possible to be carried out… | ||
| CVE-2026-3209 | Med | 0.41 | 6.3 | 0.00 | Feb 25, 2026 | A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has… | ||
| CVE-2026-2860 | Med | 0.41 | 6.3 | 0.00 | Feb 21, 2026 | A security vulnerability has been detected in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. Impacted is an unknown function of the file EmployeeController.java. The manipulation leads to improper authorization. It is possible to… | ||
| CVE-2026-2852 | Med | 0.41 | 6.3 | 0.00 | Feb 20, 2026 | A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects the function addSales/updateSales/deleteSales of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\SalesController.java of the component… | ||
| CVE-2026-2851 | Med | 0.41 | 6.3 | 0.00 | Feb 20, 2026 | A vulnerability was determined in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addInport/updateInport/deleteInport of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\InportController.java of the… |
- risk 0.41cvss 6.3epss 0.00
A vulnerability was determined in SourceCodester Indian Invoicing System 1.0. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access controls. The attack can be launched remotely. The exploit has been publicly…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization.…
- risk 0.41cvss 6.3epss 0.00
A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zb_system/function/c_system_event.php of the component Commend Approval Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The…
- risk 0.41cvss 6.3epss 0.00
A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generate_auth_token of the file cps/kobo_auth.py of the component Endpoint. Such manipulation of the argument user_id leads to improper authorization. The attack may be…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The…
- risk 0.41cvss 6.3epss 0.00
A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The…
- risk 0.41cvss 6.3epss 0.00
A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been…
- risk 0.41cvss 6.3epss 0.00
A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_access_token of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The…
- risk 0.41cvss 6.3epss 0.00
A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function form_valid of the file oauth/views.py. This manipulation of the argument oauthid causes improper authorization. The attack may be initiated remotely. The exploit has been…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add_admin.php. Such manipulation leads to improper authorization. The attack may be launched remotely.
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit is…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file add_user.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be launched remotely.…
- risk 0.41cvss 6.3epss 0.00
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patient_id causes improper authorization. It is possible to initiate the attack…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. This affects an unknown part of the file /api/Security/ of the component Security API. The manipulation leads to improper authorization. The attack is possible to be carried out…
- risk 0.41cvss 6.3epss 0.00
A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has…
- risk 0.41cvss 6.3epss 0.00
A security vulnerability has been detected in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. Impacted is an unknown function of the file EmployeeController.java. The manipulation leads to improper authorization. It is possible to…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects the function addSales/updateSales/deleteSales of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\SalesController.java of the component…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was determined in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addInport/updateInport/deleteInport of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\InportController.java of the…