VYPR

CWE-266

Incorrect Privilege Assignment

Abstraction: Base | Status: Draft

Description

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
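The Cubro EXA48200 entry listed on this page (CVE-2024-55570) shows the most common shape of this weakness in web APIs: a user-update endpoint binds the request body straight onto the stored record, so a privilege-bearing field such as rolename is assignable by the very actor it governs. The example below is added here and is not VYPR's, MITRE's, or any listed vendor's code; the endpoint shape, the in-memory user table, the role names and the helper names are all constructed for illustration. It places the vulnerable handler beside a hardened one that keeps role assignment out of self-service updates.

```python
# Added example (not VYPR's, MITRE's or Cubro's code): a minimal user-update
# handler showing CWE-266 via mass assignment of a role field, beside a
# hardened version. All names, roles and records below are constructed.

from copy import deepcopy

ROLES = {"Viewer", "Operator", "Administrator"}

# Constructed in-memory user table: one administrator and one low-privilege user.
USERS = {
    1: {"id": 1, "username": "admin", "rolename": "Administrator", "email": "admin@example.test"},
    2: {"id": 2, "username": "alice", "rolename": "Viewer", "email": "alice@example.test"},
}


class Forbidden(Exception):
    """Raised when the caller is not allowed to perform the update."""


def update_user_vulnerable(users, session_user_id, target_id, body):
    """Vulnerable PUT /api/user/users/<id>: copies every field in the body onto
    the stored record. Because 'rolename' is treated like any other field, an
    authenticated caller decides their own role with a single request."""
    users = deepcopy(users)
    if session_user_id not in users or target_id not in users:
        raise Forbidden("unknown user")
    # The only check: a non-admin may edit just their own record.
    if users[session_user_id]["rolename"] != "Administrator" and session_user_id != target_id:
        raise Forbidden("cannot edit other users")
    users[target_id].update(body)  # mass assignment: rolename comes from the client
    return users


# Hardened version: the privilege-bearing field is never bound from a
# self-service update; only an Administrator may set it, on someone else,
# and only to a known role.
SELF_EDITABLE = {"email"}
ADMIN_EDITABLE = {"email", "rolename"}


def update_user_hardened(users, session_user_id, target_id, body):
    users = deepcopy(users)
    if session_user_id not in users or target_id not in users:
        raise Forbidden("unknown user")
    caller_is_admin = users[session_user_id]["rolename"] == "Administrator"
    if caller_is_admin:
        allowed = ADMIN_EDITABLE
        if target_id == session_user_id and "rolename" in body:
            raise Forbidden("cannot change own role")
    else:
        if target_id != session_user_id:
            raise Forbidden("cannot edit other users")
        allowed = SELF_EDITABLE
    unknown = set(body) - allowed
    if unknown:
        # Reject rather than silently drop: a dropped field hides probing.
        raise Forbidden(f"fields not permitted: {sorted(unknown)}")
    if "rolename" in body and body["rolename"] not in ROLES:
        raise Forbidden("unknown role")
    users[target_id].update(body)
    return users


def refused(users, session_user_id, target_id, body, handler=update_user_hardened):
    """True when the handler rejects the request with Forbidden."""
    try:
        handler(users, session_user_id, target_id, body)
    except Forbidden:
        return True
    return False


def demo():
    escalate = {"rolename": "Administrator"}
    # Vulnerable: alice (id 2) promotes herself with one PUT.
    after_vuln = update_user_vulnerable(USERS, 2, 2, escalate)
    # Hardened: the same request is refused.
    blocked = refused(USERS, 2, 2, escalate)
    # Hardened: a real administrator may still assign a role to another user.
    after_admin = update_user_hardened(USERS, 1, 2, {"rolename": "Operator"})
    return after_vuln[2]["rolename"], blocked, after_admin[2]["rolename"]


if __name__ == "__main__":
    print(demo())  # ('Administrator', True, 'Operator')
```

A quick code-review check for this pattern: find every handler that copies a request body wholesale onto a model (ORM `update(**body)`, `Object.assign`, bulk setters) and confirm that role, group, permission and owner fields are either excluded or authorized separately. The hardened handler rejects unknown fields instead of silently dropping them, so probes for such fields show up in the error log rather than vanishing.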

Hierarchy (View 1000)

CVEs mapped to this weakness (593)

page 22 of 30
  • CVE-2024-55570 | Med | Mar 3, 2025
    risk 0.35 | CVSS 5.4 | EPSS 0.00

    /api/user/users in the web GUI for the Cubro EXA48200 network packet broker (build 20231025055018) fixed in V5.0R14.5P4-V3.3R1 allows remote authenticated users of the application to increase their privileges by sending a single HTTP PUT request with rolename=Administrator, aka…

  • CVE-2026-12201 | Med | Jun 15, 2026
    risk 0.34 | CVSS 5.3 | EPSS 0.00

    A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The…

  • CVE-2026-11620 | Med | Jun 9, 2026
    risk 0.34 | CVSS 5.3 | EPSS 0.00

    A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2026-11619 | Med | Jun 9, 2026
    risk 0.34 | CVSS 6.3 | EPSS 0.00

    A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible…

  • CVE-2026-11497 | Med | Jun 8, 2026
    risk 0.34 | CVSS 5.3 | EPSS 0.00

    A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely.…

  • CVE-2026-11441 | Med | Jun 6, 2026
    risk 0.34 | CVSS 6.3 | EPSS 0.00

    A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler. Such manipulation of the argument issue leads to improper authorization. It is possible to launch…

  • CVE-2026-11440 | Med | Jun 6, 2026
    risk 0.34 | CVSS 6.3 | EPSS 0.00

    A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/{projectId}/default-branch of the component REST API. This manipulation of the argument project.defaultBranch causes improper authorization. It is possible to…

  • CVE-2026-11439 | Med | Jun 6, 2026
    risk 0.34 | CVSS 6.3 | EPSS 0.00

    A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of the argument project.parentId results in improper authorization. The attack may be…

  • CVE-2026-11438 | Med | Jun 6, 2026
    risk 0.34 | CVSS 6.3 | EPSS 0.00

    A vulnerability has been found in theonedev onedev up to 15.0.5. Affected by this vulnerability is an unknown functionality of the file /projects. The manipulation of the argument project.forkedFromId leads to improper authorization. The attack is possible to be carried out…

  • CVE-2026-10277 | Med | Jun 1, 2026
    risk 0.34 | CVSS 6.3 | EPSS 0.00

    A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP Gmail Tool. Performing a manipulation results in improper access controls. It is…

  • CVE-2026-10269 | Med | Jun 1, 2026
    risk 0.34 | CVSS 6.3 | EPSS 0.00

    A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is…

  • CVE-2026-10255 | Med | Jun 1, 2026
    risk 0.34 | CVSS 5.3 | EPSS 0.00

    A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function sell_statement of the file application/controllers/ShowForm.php. Such manipulation leads to improper access controls. The attack can be…

  • CVE-2026-9581 | Med | May 26, 2026
    risk 0.34 | CVSS 6.3 | EPSS 0.00

    A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used.…

  • CVE-2026-9579 | Med | May 26, 2026
    risk 0.34 | CVSS 6.3 | EPSS 0.00

    A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument userIdentity results in improper access controls. The attack may be launched…

  • CVE-2025-32747 | Med | May 22, 2026
    risk 0.34 | CVSS 5.3 | EPSS 0.00

    Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

  • CVE-2026-8752 | Med | May 17, 2026
    risk 0.34 | CVSS 5.3 | EPSS 0.00

    A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the component Rapids setproperty Primitive Handler. Executing a manipulation can lead to…

  • CVE-2026-8743 | Med | May 17, 2026
    risk 0.34 | CVSS 6.3 | EPSS 0.00

    A vulnerability was found in Open5GS up to 2.7.6. This impacts the function ran_ue_find_by_amf_ue_ngap_id of the file src/amf/context.c of the component AMF/MME. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The…

  • CVE-2026-8241 | Med | May 10, 2026
    risk 0.34 | CVSS 5.3 | EPSS 0.00

    A vulnerability has been found in Industrial Application Software IAS Canias ERP 8.03. The affected element is the function iasGetServerInfoEvent of the component RMI Interface. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit…

  • CVE-2026-7713 | Med | May 4, 2026
    risk 0.34 | CVSS 6.3 | EPSS 0.00

    A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The…

  • CVE-2026-7686 | Med | May 3, 2026
    risk 0.34 | CVSS 5.3 | EPSS 0.00

    A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the file premium.preload.js of the component Legacy Premium Activation. Performing a manipulation results in improper access controls. Remote…