VYPR

CWE-266

Incorrect Privilege Assignment

Abstraction: Base | Status: Draft

Description

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Hierarchy (View 1000)

CVEs mapped to this weakness (593)

page 25 of 30
  • CVE-2026-6564 | Med | Apr 19, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and…

  • CVE-2026-5529 | Med | Apr 5, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely.…

  • CVE-2026-5215 | Med | Mar 31, 2026
    risk 0.28 | cvss 4.3 | epss 0.01

    A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted…

  • CVE-2026-2693 | Med | Feb 19, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability was determined in CoCoTeaNet CyreneAdmin up to 1.3.0. This vulnerability affects unknown code of the file /api/system/dashboard/getCount of the component System Info Endpoint. Executing a manipulation can lead to improper authorization. The attack can be launched…

  • CVE-2025-14282 | Med | Feb 12, 2026
    risk 0.28 | cvss 5.4 | epss 0.00

    A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like…

  • CVE-2025-14778 | Med | Feb 9, 2026
    risk 0.28 | cvss 5.4 | epss 0.00

    A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService (UMA Protection API). When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller's…

  • CVE-2026-1733 | Med | Feb 1, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id leads to improper authorization. The attack can be initiated remotely. The…

  • CVE-2025-15213 | Med | Dec 30, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /download.php of the component File Download Handler. The manipulation of the argument store_id leads to improper authorization. The attack…

  • CVE-2025-15118 | Med | Dec 28, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is…

  • CVE-2025-15087 | Med | Dec 25, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the argument orderSn leads to…

  • CVE-2025-15086 | Med | Dec 25, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack…

  • CVE-2025-15085 | Med | Dec 25, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The manipulation results in…

  • CVE-2025-13807 | Med | Dec 1, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability was detected in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected is the function MachineKeyController of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineKeyController.java of the component API. The…

  • CVE-2025-13115 | Med | Nov 13, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A security flaw has been discovered in macrozheng mall-swarm and mall up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manipulation of the argument orderId results in improper authorization. It is…

  • CVE-2025-12304 | Med | Oct 27, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation leads to improper authorization. Remote…

  • CVE-2025-11440 | Med | Oct 8, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability was determined in JhumanJ OpnForm up to 1.9.3. Impacted is an unknown function of the file /edit. Executing manipulation can lead to improper access controls. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This…

  • CVE-2025-11080 | Med | Sep 27, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/api/controller/student/ExamInfoController.java. Such manipulation of the…

  • CVE-2025-10981 | Med | Sep 26, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability was detected in JeecgBoot up to 3.8.2. This impacts an unknown function of the file /sys/tenant/exportXls. Performing manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was…

  • CVE-2025-10980 | Med | Sep 26, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A security vulnerability has been detected in JeecgBoot up to 3.8.2. This affects an unknown function of the file /sys/position/exportXls. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and…

  • CVE-2025-10979 | Med | Sep 25, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A weakness has been identified in JeecgBoot up to 3.8.2. The impacted element is an unknown function of the file /sys/role/exportXls. This manipulation causes improper authorization. It is possible to initiate the attack remotely. The exploit has been made available to the…