VYPR

CWE-266

Incorrect Privilege Assignment

BaseDraft

Description

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Hierarchy (View 1000)

CVEs mapped to this weakness (593)

page 16 of 30
  • CVE-2026-2850MedFeb 20, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addCustomer/updateCustomer/deleteCustomer of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\CustomerController.java of the component…

  • CVE-2026-2676MedFeb 18, 2026
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01dab475d75f286918a8d. Affected by this issue is the function preHandle of the file LoginInterceptor.java of the component API Interface. Executing a manipulation can lead to improper authorization. The…

  • CVE-2026-2563MedFeb 16, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function set_stcreenen_deabled_status/get_status of the file /f/service/controlDevice of the component jdcapp_rpc. The manipulation leads to Remote Privilege Escalation. It is…

  • CVE-2026-2562MedFeb 16, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was determined in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This impacts the function cast_streen of the file /jdcapi of the component jdcweb_rpc. Executing a manipulation of the argument File can lead to Remote Privilege Escalation. The attack may be…

  • CVE-2026-2561MedFeb 16, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the function web_get_ddns_uptime of the file /jdcapi of the component jdcweb_rpc. Performing a manipulation results in Remote Privilege Escalation. The attack is possible to be carried out…

  • CVE-2026-2141MedFeb 8, 2026
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipulation results in improper…

  • CVE-2026-2107MedFeb 7, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\LoginfoController.java of the…

  • CVE-2026-2106MedFeb 7, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element is the function addNotice/updateNotice/deleteNotice/batchDeleteNotice of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\NoticeControll…

  • CVE-2026-2105MedFeb 7, 2026
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\DeptController.java of the component…

  • CVE-2026-2079MedFeb 7, 2026
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\MenuController.java of the component Menu…

  • CVE-2026-2078MedFeb 7, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\PermissionController.java of the…

  • CVE-2026-2077MedFeb 7, 2026
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function addRole/updateRole/deleteRole of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of…

  • CVE-2026-2076MedFeb 7, 2026
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the…

  • CVE-2026-2075MedFeb 7, 2026
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role-Permission…

  • CVE-2026-2015MedFeb 6, 2026
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatusImportService.php of the component Final Status Import. Executing a manipulation of the argument school_id can lead to improper authorization. The attack can…

  • CVE-2026-2009MedFeb 6, 2026
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/php_action/createUser.php. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The…

  • CVE-2026-1702MedJan 30, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument group_id results in improper authorization. The…

  • CVE-2026-1597MedJan 29, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument ci_session leads to improper authorization. The attack may be performed from remote. The…

  • CVE-2026-1550MedJan 28, 2026
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the component Admin Dashboard Page. Performing a manipulation results in improper…

  • CVE-2026-1193MedJan 19, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in MineAdmin 1.x/2.x. The impacted element is an unknown function of the file /system/cache/view of the component View Interface. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is…