CWE-266
Incorrect Privilege Assignment
Description
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Hierarchy (View 1000)
CVEs mapped to this weakness (593)
page 9 of 30

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-13130 | | High | 0.51 | 7.8 | 0.00 | | Nov 13, 2025 | A vulnerability has been found in Radarr 5.28.0.10274. The affected element is an unknown function of the file C:\ProgramData\Radarr\bin\Radarr.Console.exe of the component Service. Such manipulation leads to incorrect default permissions. The attack can only be performed from a… |
| CVE-2024-32009 | | High | 0.51 | 7.8 | 0.00 | | Nov 11, 2025 | A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to wrongly set permissions on a binary, which allows any local attacker to gain administrative privileges. |
| CVE-2025-10941 | | High | 0.51 | 7.8 | 0.00 | | Sep 25, 2025 | A vulnerability was determined in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. Affected by this issue is some unknown functionality of the file SERVCoreTeller_2.0.40D.msi of the component Installer. Executing manipulation can lead to permission issues. The attack needs to be… |
| CVE-2025-57797 | | High | 0.51 | 7.8 | 0.00 | | Aug 27, 2025 | Incorrect privilege assignment vulnerability exists in ScanSnap Manager installers versions prior to V6.5L61. If this vulnerability is exploited, an authenticated local attacker may escalate privileges and execute an arbitrary command. |
| CVE-2024-46974 | — | High | 0.51 | 7.8 | 0.00 | | Jan 31, 2025 | Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers. |
| CVE-2024-13206 | | High | 0.51 | 7.8 | 0.00 | | Jan 9, 2025 | A vulnerability classified as critical has been found in REVE Antivirus 1.0.0.0 on Linux. This affects an unknown part of the file /usr/local/reveantivirus/tmp/reveinstall. The manipulation leads to incorrect default permissions. It is possible to launch the attack on the local… |
| CVE-2024-12786 | — | High | 0.51 | 7.8 | 0.00 | | Dec 19, 2024 | A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Downloader.helper of the component XPC Service. The manipulation leads to improper… |
| CVE-2024-36587 | | High | 0.51 | 7.8 | 0.00 | | Jun 13, 2024 | Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allow non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy. |
| CVE-2024-23288 | | High | 0.51 | 7.8 | 0.00 | | Mar 8, 2024 | This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to elevate privileges. |
| CVE-2016-7066 | | High | 0.51 | 7.8 | 0.00 | | Sep 11, 2018 | It was found that the improper default permissions on the /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to the CLI and execute arbitrary operations. |
| CVE-2017-12711 | | High | 0.51 | 7.8 | 0.00 | | Aug 30, 2017 | An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges. |
| CVE-2026-49780 | | High | 0.50 | 8.8 | 0.00 | | Jun 15, 2026 | Customer Privilege Escalation in Dokan <= 5.0.2 versions. |
| CVE-2026-35671 | | High | 0.50 | 8.8 | 0.00 | | May 28, 2026 | phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials… |
| CVE-2026-35669 | | High | 0.50 | 8.8 | 0.00 | | Apr 10, 2026 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated… |
| CVE-2025-2843 | | High | 0.50 | 8.8 | 0.00 | | Nov 12, 2025 | A flaw was found in the Observability Operator. The Operator creates a ServiceAccount with *ClusterRole* upon deployment of the *Namespace-Scoped* Custom Resource MonitorStack. This issue allows an adversarial Kubernetes Account with only namespaced-level roles, for example, a… |
| CVE-2024-56513 | | High | 0.50 | — | 0.00 | | Jan 3, 2025 | Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, the PULL mode clusters registered with the `karmadactl register` command have excessive privileges to access… |
| CVE-2026-49083 | | High | 0.49 | 7.5 | 0.00 | | Jun 15, 2026 | Contributor Privilege Escalation in LatePoint <= 5.5.1 versions. |
| CVE-2026-47169 | | High | 0.49 | — | 0.00 | | Jun 11, 2026 | Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a user with Manage Server / ManageGuild, but without Manage Roles or Administrator, can configure the bot's AutoRole feature to assign an arbitrary role to new… |
| CVE-2025-68420 | — | High | 0.49 | — | 0.00 | | May 14, 2026 | Comarch ERP Optima client connects to a database using a high-privileged account regardless of the application account to which a user logs in. It is possible for a local attacker who controls the client process to dump its memory, extract credentials and use them to gain a… |
| CVE-2025-47422 | | High | 0.49 | 7.5 | 0.00 | | Jul 8, 2025 | Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability. When running as SYSTEM in certain configurations, Advanced Installer looks in standard-user writable locations for non-existent binaries and executes them as SYSTEM.… |