VYPR

CWE-266

Incorrect Privilege Assignment

Abstraction: Base | Status: Draft

Description

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
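The pattern behind many of the entries below is a handler that copies a privilege level (a role, a group, a flag) from caller-controlled input without bounding it by what the caller is entitled to confer. The following is an added illustration written for this page, not code from any product listed here: a user-provisioning handler with the weakness next to a hardened version, plus an audit that finds accounts whose role exceeds what their creator could grant. The role names, the `GRANTABLE` lattice and the `Directory` class are assumptions made for the example.

```python
"""CWE-266 in miniature: a user-provisioning handler that assigns the role the
caller asked for, next to a hardened handler that bounds the granted role by
the caller's own authority, plus an audit that finds accounts whose privileges
exceed what their creator could legitimately confer.

Constructed illustration for this page; not code from any product listed here.
The role names and the GRANTABLE lattice are assumptions."""
from dataclasses import dataclass
from typing import Optional

# Assumed role lattice: which roles each role is allowed to hand out.
# A plain "user" may not create accounts at all, so it grants nothing.
GRANTABLE = {
    "admin":   {"admin", "manager", "user"},
    "manager": {"user"},
    "user":    set(),
}
DEFAULT_ROLE = "user"


@dataclass
class Account:
    name: str
    role: str
    # Role of the actor that created this account, recorded so that an audit
    # can later reconstruct whether the assignment was within bounds.
    created_by_role: Optional[str] = None


class Directory:
    def __init__(self) -> None:
        self.accounts = {}  # name -> Account

    def add_user_vulnerable(self, caller: Account, payload: dict) -> Account:
        """CWE-266: the new account's role is copied from the request body.
        Nothing ties the granted privilege to what the caller is entitled to
        give away, so any actor that can reach this handler can mint an admin."""
        acct = Account(payload["name"], payload.get("role", DEFAULT_ROLE),
                       created_by_role=caller.role)
        self.accounts[acct.name] = acct
        return acct

    def add_user_hardened(self, caller: Account, payload: dict) -> Account:
        """Hardened: the requested role is checked against a closed set and
        then against the caller's own grant authority before it is assigned."""
        requested = payload.get("role", DEFAULT_ROLE)
        if requested not in GRANTABLE:
            raise ValueError(f"unknown role {requested!r}")
        if requested not in GRANTABLE.get(caller.role, set()):
            raise PermissionError(
                f"{caller.name} ({caller.role}) may not grant role {requested!r}")
        acct = Account(payload["name"], requested, created_by_role=caller.role)
        self.accounts[acct.name] = acct
        return acct

    def audit(self) -> list:
        """Detection side: names of accounts whose role exceeds what their
        creator could grant. A periodic review of the directory would flag
        these after the vulnerable handler has been abused."""
        return sorted(
            a.name for a in self.accounts.values()
            if a.created_by_role is not None
            and a.role not in GRANTABLE.get(a.created_by_role, set())
        )


if __name__ == "__main__":
    d = Directory()
    mallory = Account("mallory", "user")  # low-privilege caller
    d.add_user_vulnerable(mallory, {"name": "backdoor", "role": "admin"})
    print("audit findings:", d.audit())
    try:
        d.add_user_hardened(mallory, {"name": "backdoor2", "role": "admin"})
    except PermissionError as exc:
        print("hardened handler refused:", exc)
```

The hardened handler makes two separate decisions: whether the role name is one the system knows at all, and whether this particular caller may hand it out. Collapsing them into a single "is the caller an admin" check is how privilege assignment bugs usually creep back in once a second administrative tier is added. The audit is the same check run after the fact over stored state, which is what an incident responder needs when the vulnerable handler was reachable for some time.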

Hierarchy (View 1000)

CVEs mapped to this weakness (593)

page 19 of 30
  • CVE-2025-9151 | Medium | Aug 19, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A security flaw has been discovered in LiuYuYang01 ThriveX-Blog up to 3.1.7. Affected by this vulnerability is the function updateJsonValueByName of the file /web_config/json/name/web. Performing manipulation results in improper authorization. It is possible to initiate the…

  • CVE-2025-8839 | Medium | Aug 11, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to…

  • CVE-2025-8797 | Medium | Aug 10, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was found in LitmusChaos Litmus up to 3.19.0 and classified as critical. This issue affects some unknown processing of the component LocalStorage Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been…

  • CVE-2025-8795 | Medium | Aug 10, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability, which was classified as critical, was found in LitmusChaos Litmus up to 3.19.0. This affects an unknown part of the file /auth/login. The manipulation of the argument projectID leads to improper access controls. It is possible to initiate the attack remotely.…

  • CVE-2025-8791 | Medium | Aug 10, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was found in LitmusChaos Litmus up to 3.19.0. It has been rated as critical. This issue affects some unknown processing of the file /auth/list_projects. The manipulation of the argument role leads to improper authorization. The attack may be initiated remotely.…

  • CVE-2025-8756 | Medium | Aug 9, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability has been found in TDuckCloud tduck-platform up to 5.1 and classified as critical. Affected by this vulnerability is the function preHandle of the file /manage/ of the component com.tduck.cloud.api.web.interceptor.AuthorizationInterceptor. The manipulation leads…

  • CVE-2025-7552 | Medium | Jul 14, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was found in Dromara Northstar up to 7.3.5. It has been rated as critical. Affected by this issue is the function preHandle of the file northstar-main/src/main/java/org/dromara/northstar/web/interceptor/AuthorizationInterceptor.java of the component Path Handler.…

  • CVE-2025-0139 | Medium | Jul 9, 2025
    risk 0.41 | cvss not listed | epss 0.00

    An incorrect privilege assignment vulnerability in Palo Alto Networks Autonomous Digital Experience Manager allows a locally authenticated low privileged user on macOS endpoints to escalate their privileges to root.

  • CVE-2025-6765 | Medium | Jun 27, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing of the file /v1/operador/ of the component HTTP PUT Request Handler. The manipulation leads to permission issues. The attack may be…

  • CVE-2025-6736 | Medium | Jun 27, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. The attack can be…

  • CVE-2025-6735 | Medium | Jun 27, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has…

  • CVE-2025-0783 | Medium | Jan 28, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability, which was classified as problematic, was found in pankajindevops scale up to 20241113. This affects an unknown part of the component API Endpoint. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product…

  • CVE-2024-3013 | Medium | Mar 28, 2024
    risk 0.41 | cvss 6.3 | epss 0.23

    A flaw has been found in Teledyne FLIR AX8 up to 1.46.16. The impacted element is an unknown function of the file /tools/test_login.php?action=register of the component User Registration. Executing manipulation can lead to improper authorization. The attack may be performed from…

  • CVE-2026-11462 | High | Jun 7, 2026
    risk 0.40 | cvss 7.3 | epss 0.00

    A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the component Stripe Plugin. Performing a manipulation of the argument Request results in…

  • CVE-2026-9580 | High | May 26, 2026
    risk 0.40 | cvss 7.3 | epss 0.00

    A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been…

  • CVE-2026-7505 | High | Apr 30, 2026
    risk 0.40 | cvss 7.3 | epss 0.00

    A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used.…

  • CVE-2026-1411 | Medium | Jan 26, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    A flaw has been found in Beetel 777VR1 up to 01.00.09/01.00.09_55. The affected element is an unknown function of the component UART Interface. This manipulation causes improper access controls. It is feasible to perform the attack on the physical device. The complexity of an…

  • CVE-2021-47799 | Medium | Jan 15, 2026
    risk 0.40 | cvss 6.2 | epss 0.00

    Visual Tools DVR VX16 version 4.2.28 contains a local privilege escalation vulnerability in its Sudo configuration that allows attackers to gain root access. Attackers can exploit the unsafe Sudo settings by using mount commands to bind a shell, enabling unauthorized…

  • CVE-2022-50927 | Medium | Jan 13, 2026
    risk 0.40 | cvss 6.2 | epss 0.00

    Cyclades Serial Console Server 3.3.0 contains a local privilege escalation vulnerability due to overly permissive sudo privileges for the admin user and admin group. Attackers can exploit the default user configuration to gain root access by manipulating system binaries and…

  • CVE-2025-53425 | High | Oct 22, 2025
    risk 0.40 | cvss 7.2 | epss 0.00

    Incorrect Privilege Assignment vulnerability in Dokan, Inc. Dokan dokan-lite allows Privilege Escalation. This issue affects Dokan: from n/a through <= 4.1.3.