VYPR

CWE-266

Incorrect Privilege Assignment

BaseDraft

Description

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Hierarchy (View 1000)

CVEs mapped to this weakness (593)

page 9 of 30
  • CVE-2025-13130HigNov 13, 2025
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been found in Radarr 5.28.0.10274. The affected element is an unknown function of the file C:\ProgramData\Radarr\bin\Radarr.Console.exe of the component Service. Such manipulation leads to incorrect default permissions. The attack can only be performed from a…

  • CVE-2024-32009HigNov 11, 2025
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to wrongly set permissions to a binary which allows any local attacker to gain administrative privileges.

  • CVE-2025-10941HigSep 25, 2025
    risk 0.51cvss 7.8epss 0.00

    A vulnerability was determined in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. Affected by this issue is some unknown functionality of the file SERVCoreTeller_2.0.40D.msi of the component Installer. Executing manipulation can lead to permission issues. The attack needs to be…

  • CVE-2025-57797HigAug 27, 2025
    risk 0.51cvss 7.8epss 0.00

    Incorrect privilege assignment vulnerability exists in ScanSnap Manager installers versions prior to V6.5L61. If this vulnerability is exploited, an authenticated local attacker may escalate privileges and execute an arbitrary command.

  • CVE-2024-46974HigJan 31, 2025
    risk 0.51cvss 7.8epss 0.00

    Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers.

  • CVE-2024-13206HigJan 9, 2025
    risk 0.51cvss 7.8epss 0.00

    A vulnerability classified as critical has been found in REVE Antivirus 1.0.0.0 on Linux. This affects an unknown part of the file /usr/local/reveantivirus/tmp/reveinstall. The manipulation leads to incorrect default permissions. It is possible to launch the attack on the local…

  • CVE-2024-12786HigDec 19, 2024
    risk 0.51cvss 7.8epss 0.00

    A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Downloader.helper of the component XPC Service. The manipulation leads to improper…

  • CVE-2024-36587HigJun 13, 2024
    risk 0.51cvss 7.8epss 0.00

    Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy.

  • CVE-2024-23288HigMar 8, 2024
    risk 0.51cvss 7.8epss 0.00

    This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to elevate privileges.

  • CVE-2016-7066HigSep 11, 2018
    risk 0.51cvss 7.8epss 0.00

    It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.

  • CVE-2017-12711HigAug 30, 2017
    risk 0.51cvss 7.8epss 0.00

    An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges.

  • CVE-2026-49780HigJun 15, 2026
    risk 0.50cvss 8.8epss 0.00

    Customer Privilege Escalation in Dokan <= 5.0.2 versions.

  • CVE-2026-35671HigMay 28, 2026
    risk 0.50cvss 8.8epss 0.00

    phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials…

  • CVE-2026-35669HigApr 10, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated…

  • CVE-2025-2843HigNov 12, 2025
    risk 0.50cvss 8.8epss 0.00

    A flaw was found in the Observability Operator. The Operator creates a ServiceAccount with *ClusterRole* upon deployment of the *Namespace-Scoped* Custom Resource MonitorStack. This issue allows an adversarial Kubernetes Account with only namespaced-level roles, for example, a…

  • CVE-2024-56513HigJan 3, 2025
    risk 0.50cvss epss 0.00

    Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, the PULL mode clusters registered with the `karmadactl register` command have excessive privileges to access…

  • CVE-2026-49083HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.

  • CVE-2026-47169HigJun 11, 2026
    risk 0.49cvss epss 0.00

    Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a user with Manage Server / ManageGuild, but without Manage Roles or Administrator, can configure the bot’s AutoRole feature to assign an arbitrary role to new…

  • CVE-2025-68420HigMay 14, 2026
    risk 0.49cvss epss 0.00

    Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump it's memory, extract credentials and use them to gain a…

  • CVE-2025-47422HigJul 8, 2025
    risk 0.49cvss 7.5epss 0.00

    Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability. When running as SYSTEM in certain configurations, Advanced Installer looks in standard-user writable locations for non-existent binaries and executes them as SYSTEM.…