VYPR

CWE-266

Incorrect Privilege Assignment

Abstraction: Base, Status: Draft

Description

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Hierarchy (View 1000)

CVEs mapped to this weakness (593)

page 15 of 30
  • CVE-2026-9412 (Medium, May 25, 2026)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability was determined in SourceCodester Indian Invoicing System 1.0. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access controls. The attack can be launched remotely. The exploit has been publicly…

  • CVE-2026-9376 (Medium, May 24, 2026)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization.…

  • CVE-2026-8747 (Medium, May 17, 2026)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zb_system/function/c_system_event.php of the component Commend Approval Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The…

  • CVE-2026-8127 (Medium, May 8, 2026)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been…

  • CVE-2026-7709 (Medium, May 3, 2026)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generate_auth_token of the file cps/kobo_auth.py of the component Endpoint. Such manipulation of the argument user_id leads to improper authorization. The attack may be…

  • CVE-2026-7093 (Medium, Apr 27, 2026)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The…

  • CVE-2026-7092 (Medium, Apr 27, 2026)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The…

  • CVE-2026-7091 (Medium, Apr 27, 2026)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been…

  • CVE-2026-6634 (Medium, Apr 20, 2026)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_access_token of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The…

  • CVE-2026-6609 (Medium, Apr 20, 2026)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function form_valid of the file oauth/views.py. This manipulation of the argument oauthid causes improper authorization. The attack may be initiated remotely. The exploit has been…

  • CVE-2026-4548 (Medium, Mar 22, 2026)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be…

  • CVE-2026-4013 (Medium, Mar 12, 2026)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add_admin.php. Such manipulation leads to improper authorization. The attack may be launched remotely.

  • CVE-2026-3738 (Medium, Mar 8, 2026)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit is…

  • CVE-2026-3737 (Medium, Mar 8, 2026)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file add_user.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be launched remotely.…

  • CVE-2026-3724 (Medium, Mar 8, 2026)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patient_id causes improper authorization. It is possible to initiate the attack…

  • CVE-2026-3265 (Medium, Feb 26, 2026)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability was identified in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. This affects an unknown part of the file /api/Security/ of the component Security API. The manipulation leads to improper authorization. The attack is possible to be carried out…

  • CVE-2026-3209 (Medium, Feb 25, 2026)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has…

  • CVE-2026-2860 (Medium, Feb 21, 2026)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A security vulnerability has been detected in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. Impacted is an unknown function of the file EmployeeController.java. The manipulation leads to improper authorization. It is possible to…

  • CVE-2026-2852 (Medium, Feb 20, 2026)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects the function addSales/updateSales/deleteSales of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\SalesController.java of the component…

  • CVE-2026-2851 (Medium, Feb 20, 2026)
    risk 0.41, CVSS 6.3, EPSS 0.00

    A vulnerability was determined in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addInport/updateInport/deleteInport of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\InportController.java of the…