VYPR

CWE-266

Incorrect Privilege Assignment

BaseDraft

Description

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Hierarchy (View 1000)

CVEs mapped to this weakness (593)

page 26 of 30
  • CVE-2025-10978MedSep 25, 2025
    risk 0.28cvss 4.3epss 0.00

    A security flaw has been discovered in JeecgBoot up to 3.8.2. The affected element is an unknown function of the file /sys/user/exportXls of the component Filter Handler. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has…

  • CVE-2025-10822MedSep 23, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability has been found in fuyang_lipengjun platform 1.0. The impacted element is the function SysSmsLogController of the file /sys/smslog/queryAll. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed…

  • CVE-2025-10821MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    A flaw has been found in fuyang_lipengjun platform 1.0. The affected element is the function TopicCategoryController of the file /topiccategory/queryAll. This manipulation causes improper authorization. The attack is possible to be carried out remotely. The exploit has been…

  • CVE-2025-10820MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was detected in fuyang_lipengjun platform 1.0. Impacted is the function TopicController of the file /topic/queryAll. The manipulation results in improper authorization. The attack can be executed remotely. The exploit is now public and may be used.

  • CVE-2025-10819MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    A security vulnerability has been detected in fuyang_lipengjun platform 1.0. This issue affects the function UserCouponController of the file /usercoupon/queryAll. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has…

  • CVE-2025-10676MedSep 18, 2025
    risk 0.28cvss 4.3epss 0.00

    A weakness has been identified in fuyang_lipengjun platform 1.0. Affected is the function BrandController of the file /brand/queryAll. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the…

  • CVE-2025-10675MedSep 18, 2025
    risk 0.28cvss 4.3epss 0.00

    A security flaw has been discovered in fuyang_lipengjun platform 1.0. This impacts the function AttributeController of the file /attribute/queryAll. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been…

  • CVE-2025-10674MedSep 18, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was identified in fuyang_lipengjun platform 1.0. This affects the function AttributeCategoryController of the file /attributecategory/queryAll. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit is publicly…

  • CVE-2025-10422MedSep 15, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. This issue affects the function paySuccess of the file /paySuccess of the component Order Status Handler. The manipulation of the argument orderNo leads to improper authorization.…

  • CVE-2025-10319MedSep 12, 2025
    risk 0.28cvss 4.3epss 0.00

    A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be launched remotely. The…

  • CVE-2025-10084MedSep 8, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was identified in elunez eladmin up to 2.7. This affects the function queryErrorLogDetail of the file /api/logs/error/1 of the component SysLogController. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The…

  • CVE-2025-10073MedSep 8, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and…

  • CVE-2025-9936MedSep 4, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was identified in fuyang_lipengjun platform 1.0.0. This issue affects the function AdController of the file /ad/queryAll. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available and…

  • CVE-2025-48348MedAug 28, 2025
    risk 0.28cvss 4.3epss 0.00

    Incorrect Privilege Assignment vulnerability in chandrashekharsahu Site Offline site-offline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Offline: from n/a through <= 1.5.7.

  • CVE-2025-8790MedAug 10, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been declared as critical. This vulnerability affects unknown code of the file /module/Api/pessoa of the component API Endpoint. The manipulation of the argument ID leads to improper authorization. The attack…

  • CVE-2025-6702MedJun 26, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack…

  • CVE-2025-6532MedJun 24, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. The attack can only be…

  • CVE-2025-6531MedJun 24, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in SIFUSM/MZZYG BD S1 up to 20250611. It has been declared as problematic. This vulnerability affects unknown code of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. Access to the local network is…

  • CVE-2025-6525MedJun 23, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic was found in 70mai 1S up to 20250611. This vulnerability affects unknown code of the file /cgi-bin/Config.cgi?action=set of the component Configuration Handler. The manipulation leads to improper authorization. The attack needs to be…

  • CVE-2025-3567MedApr 14, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability, which was classified as problematic, was found in veal98 小牛肉 Echo 开源社区系统 4.2. Affected is the function preHandle of the file src/main/java/com/greate/community/controller/interceptor/LoginTicketInterceptor.java of the component Ticket Handler.…