CWE-266
Incorrect Privilege Assignment
Description
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Hierarchy (View 1000)
CVEs mapped to this weakness (593)
page 26 of 30| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-10978 | Med | 0.28 | 4.3 | 0.00 | Sep 25, 2025 | A security flaw has been discovered in JeecgBoot up to 3.8.2. The affected element is an unknown function of the file /sys/user/exportXls of the component Filter Handler. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has… | ||
| CVE-2025-10822 | Med | 0.28 | 4.3 | 0.00 | Sep 23, 2025 | A vulnerability has been found in fuyang_lipengjun platform 1.0. The impacted element is the function SysSmsLogController of the file /sys/smslog/queryAll. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed… | ||
| CVE-2025-10821 | Med | 0.28 | 4.3 | 0.00 | Sep 22, 2025 | A flaw has been found in fuyang_lipengjun platform 1.0. The affected element is the function TopicCategoryController of the file /topiccategory/queryAll. This manipulation causes improper authorization. The attack is possible to be carried out remotely. The exploit has been… | ||
| CVE-2025-10820 | Med | 0.28 | 4.3 | 0.00 | Sep 22, 2025 | A vulnerability was detected in fuyang_lipengjun platform 1.0. Impacted is the function TopicController of the file /topic/queryAll. The manipulation results in improper authorization. The attack can be executed remotely. The exploit is now public and may be used. | ||
| CVE-2025-10819 | Med | 0.28 | 4.3 | 0.00 | Sep 22, 2025 | A security vulnerability has been detected in fuyang_lipengjun platform 1.0. This issue affects the function UserCouponController of the file /usercoupon/queryAll. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has… | ||
| CVE-2025-10676 | Med | 0.28 | 4.3 | 0.00 | Sep 18, 2025 | A weakness has been identified in fuyang_lipengjun platform 1.0. Affected is the function BrandController of the file /brand/queryAll. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the… | ||
| CVE-2025-10675 | Med | 0.28 | 4.3 | 0.00 | Sep 18, 2025 | A security flaw has been discovered in fuyang_lipengjun platform 1.0. This impacts the function AttributeController of the file /attribute/queryAll. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been… | ||
| CVE-2025-10674 | Med | 0.28 | 4.3 | 0.00 | Sep 18, 2025 | A vulnerability was identified in fuyang_lipengjun platform 1.0. This affects the function AttributeCategoryController of the file /attributecategory/queryAll. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit is publicly… | ||
| CVE-2025-10422 | Med | 0.28 | 4.3 | 0.00 | Sep 15, 2025 | A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. This issue affects the function paySuccess of the file /paySuccess of the component Order Status Handler. The manipulation of the argument orderNo leads to improper authorization.… | ||
| CVE-2025-10319 | Med | 0.28 | 4.3 | 0.00 | Sep 12, 2025 | A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be launched remotely. The… | ||
| CVE-2025-10084 | Med | 0.28 | 4.3 | 0.00 | Sep 8, 2025 | A vulnerability was identified in elunez eladmin up to 2.7. This affects the function queryErrorLogDetail of the file /api/logs/error/1 of the component SysLogController. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The… | ||
| CVE-2025-10073 | Med | 0.28 | 4.3 | 0.00 | Sep 8, 2025 | A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and… | ||
| CVE-2025-9936 | Med | 0.28 | 4.3 | 0.00 | Sep 4, 2025 | A vulnerability was identified in fuyang_lipengjun platform 1.0.0. This issue affects the function AdController of the file /ad/queryAll. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available and… | ||
| CVE-2025-48348 | Med | 0.28 | 4.3 | 0.00 | Aug 28, 2025 | Incorrect Privilege Assignment vulnerability in chandrashekharsahu Site Offline site-offline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Offline: from n/a through <= 1.5.7. | ||
| CVE-2025-8790 | Med | 0.28 | 4.3 | 0.00 | Aug 10, 2025 | A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been declared as critical. This vulnerability affects unknown code of the file /module/Api/pessoa of the component API Endpoint. The manipulation of the argument ID leads to improper authorization. The attack… | ||
| CVE-2025-6702 | Med | 0.28 | 4.3 | 0.00 | Jun 26, 2025 | A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack… | ||
| CVE-2025-6532 | Med | 0.28 | 4.3 | 0.00 | Jun 24, 2025 | A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. The attack can only be… | ||
| CVE-2025-6531 | Med | 0.28 | 4.3 | 0.00 | Jun 24, 2025 | A vulnerability was found in SIFUSM/MZZYG BD S1 up to 20250611. It has been declared as problematic. This vulnerability affects unknown code of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. Access to the local network is… | ||
| CVE-2025-6525 | Med | 0.28 | 4.3 | 0.00 | Jun 23, 2025 | A vulnerability classified as problematic was found in 70mai 1S up to 20250611. This vulnerability affects unknown code of the file /cgi-bin/Config.cgi?action=set of the component Configuration Handler. The manipulation leads to improper authorization. The attack needs to be… | ||
| CVE-2025-3567 | — | Med | 0.28 | 4.3 | 0.00 | Apr 14, 2025 | A vulnerability, which was classified as problematic, was found in veal98 小牛肉 Echo 开源社区系统 4.2. Affected is the function preHandle of the file src/main/java/com/greate/community/controller/interceptor/LoginTicketInterceptor.java of the component Ticket Handler.… |
- risk 0.28cvss 4.3epss 0.00
A security flaw has been discovered in JeecgBoot up to 3.8.2. The affected element is an unknown function of the file /sys/user/exportXls of the component Filter Handler. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has…
- risk 0.28cvss 4.3epss 0.00
A vulnerability has been found in fuyang_lipengjun platform 1.0. The impacted element is the function SysSmsLogController of the file /sys/smslog/queryAll. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed…
- risk 0.28cvss 4.3epss 0.00
A flaw has been found in fuyang_lipengjun platform 1.0. The affected element is the function TopicCategoryController of the file /topiccategory/queryAll. This manipulation causes improper authorization. The attack is possible to be carried out remotely. The exploit has been…
- risk 0.28cvss 4.3epss 0.00
A vulnerability was detected in fuyang_lipengjun platform 1.0. Impacted is the function TopicController of the file /topic/queryAll. The manipulation results in improper authorization. The attack can be executed remotely. The exploit is now public and may be used.
- risk 0.28cvss 4.3epss 0.00
A security vulnerability has been detected in fuyang_lipengjun platform 1.0. This issue affects the function UserCouponController of the file /usercoupon/queryAll. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has…
- risk 0.28cvss 4.3epss 0.00
A weakness has been identified in fuyang_lipengjun platform 1.0. Affected is the function BrandController of the file /brand/queryAll. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the…
- risk 0.28cvss 4.3epss 0.00
A security flaw has been discovered in fuyang_lipengjun platform 1.0. This impacts the function AttributeController of the file /attribute/queryAll. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been…
- risk 0.28cvss 4.3epss 0.00
A vulnerability was identified in fuyang_lipengjun platform 1.0. This affects the function AttributeCategoryController of the file /attributecategory/queryAll. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit is publicly…
- risk 0.28cvss 4.3epss 0.00
A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. This issue affects the function paySuccess of the file /paySuccess of the component Order Status Handler. The manipulation of the argument orderNo leads to improper authorization.…
- risk 0.28cvss 4.3epss 0.00
A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be launched remotely. The…
- risk 0.28cvss 4.3epss 0.00
A vulnerability was identified in elunez eladmin up to 2.7. This affects the function queryErrorLogDetail of the file /api/logs/error/1 of the component SysLogController. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The…
- risk 0.28cvss 4.3epss 0.00
A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and…
- risk 0.28cvss 4.3epss 0.00
A vulnerability was identified in fuyang_lipengjun platform 1.0.0. This issue affects the function AdController of the file /ad/queryAll. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available and…
- risk 0.28cvss 4.3epss 0.00
Incorrect Privilege Assignment vulnerability in chandrashekharsahu Site Offline site-offline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Offline: from n/a through <= 1.5.7.
- risk 0.28cvss 4.3epss 0.00
A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been declared as critical. This vulnerability affects unknown code of the file /module/Api/pessoa of the component API Endpoint. The manipulation of the argument ID leads to improper authorization. The attack…
- risk 0.28cvss 4.3epss 0.00
A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack…
- risk 0.28cvss 4.3epss 0.00
A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. The attack can only be…
- risk 0.28cvss 4.3epss 0.00
A vulnerability was found in SIFUSM/MZZYG BD S1 up to 20250611. It has been declared as problematic. This vulnerability affects unknown code of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. Access to the local network is…
- risk 0.28cvss 4.3epss 0.00
A vulnerability classified as problematic was found in 70mai 1S up to 20250611. This vulnerability affects unknown code of the file /cgi-bin/Config.cgi?action=set of the component Configuration Handler. The manipulation leads to improper authorization. The attack needs to be…
- risk 0.28cvss 4.3epss 0.00
A vulnerability, which was classified as problematic, was found in veal98 小牛肉 Echo 开源社区系统 4.2. Affected is the function preHandle of the file src/main/java/com/greate/community/controller/interceptor/LoginTicketInterceptor.java of the component Ticket Handler.…