VYPR

CWE-266

Incorrect Privilege Assignment

Base | Draft

Description

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

CVEs mapped to this weakness (593)

page 18 of 30
  • CVE-2025-10988 | Med | Sep 26, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit is publicly available and might be…

  • CVE-2025-10987 | Med | Sep 26, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is…

  • CVE-2025-10707 | Med | Sep 19, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the…

  • CVE-2025-10608 | Med | Sep 17, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was detected in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /enrollment-history/. Performing manipulation results in improper access controls. The attack is possible to be carried out remotely. The exploit is now public…

  • CVE-2025-10318 | Med | Sep 12, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler. The manipulation of the argument userIds leads to improper authorization. The…

  • CVE-2025-10291 | Med | Sep 12, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A weakness has been identified in linlinjava litemall up to 1.8.0. This affects the function WxAftersaleController of the file /wx/aftersale/cancel. Executing manipulation of the argument ID can lead to improper authorization. The attack can be executed remotely. The exploit has…

  • CVE-2025-10278 | Med | Sep 12, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A flaw has been found in YunaiV ruoyi-vue-pro up to 2025.09. Impacted is an unknown function of the file /crm/contact/transfer. This manipulation of the argument ids/newOwnerUserId causes improper authorization. The attack is possible to be carried out remotely. The exploit has…

  • CVE-2025-10277 | Med | Sep 12, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was detected in YunaiV yudao-cloud up to 2025.09. This issue affects some unknown processing of the file /crm/receivable/submit. The manipulation of the argument ID results in improper authorization. The attack can be executed remotely. The exploit is now public…

  • CVE-2025-10276 | Med | Sep 12, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A security vulnerability has been detected in YunaiV ruoyi-vue-pro up to 2025.09. This vulnerability affects unknown code of the file /crm/contract/transfer. The manipulation of the argument id/newOwnerUserId leads to improper authorization. Remote exploitation of the attack is…

  • CVE-2025-10275 | Med | Sep 12, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The attack may be launched remotely. The exploit has…

  • CVE-2025-10247 | Med | Sep 11, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A security vulnerability has been detected in JEPaaS 7.2.8. This vulnerability affects the function doFilterInternal of the component Filter Handler. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been disclosed publicly…

  • CVE-2025-10086 | Med | Sep 8, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A weakness has been identified in fuyang_lipengjun platform 1.0.0. This issue affects the function queryAll of the file /adposition/queryAll of the component AdPositionController. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit…

  • CVE-2025-10072 | Med | Sep 7, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/[ID_STUDENT]/enturmar/. Performing manipulation results in improper access controls. It is possible to initiate the attack remotely. The exploit has…

  • CVE-2025-10071 | Med | Sep 7, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability has been found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /cancelar-enturmacao-em-lote/. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit has been disclosed to…

  • CVE-2025-10070 | Med | Sep 7, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes improper access controls. The attack is possible to be carried out remotely. The exploit has been published and may be used.

  • CVE-2025-10013 | Med | Sep 5, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /exportacao-para-o-seb. Performing manipulation results in improper access controls. The attack is possible to be carried out remotely. The exploit is now public and may…

  • CVE-2025-9760 | Med | Sep 1, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A weakness has been identified in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/Api/matricula of the component Matricula API. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit…

  • CVE-2025-9687 | Med | Aug 30, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A weakness has been identified in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/HistoricoEscolar/processamentoApi. Executing manipulation can lead to improper authorization. The attack may be performed from a remote location. The exploit has…

  • CVE-2025-9609 | Med | Aug 29, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /educacenso/consulta. The manipulation results in improper authorization. The attack can be executed remotely. The exploit has been made public and could be used.

  • CVE-2025-9602 | Med | Aug 29, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of the file /index.php. Performing manipulation results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used.