Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-266 (特权授予不正确) — Vulnerability Class 380

380 vulnerabilities classified as CWE-266 (特权授予不正确). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-33519 Incorrect privilege assignment in Portal for ArcGIS — Portal for ArcGIS 9.8 Critical2026-04-21
CVE-2026-33518 Incorrect privilege assignment in Portal for ArcGIS — Portal for ArcGIS 9.8 Critical2026-04-21
CVE-2026-40869 Decidim amendments can be accepted or rejected by anyone — decidim 7.5 High2026-04-21
CVE-2026-27668 Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary 安全漏洞 — RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) 8.8 High2026-04-14
CVE-2026-27102 Dell PowerScale OneFS 安全漏洞 — PowerScale OneFS 6.6 Medium2026-04-08
CVE-2026-32916 OpenClaw 2026.3.7 < 2026.3.11 - Authorization Bypass in Plugin Subagent Routes via Synthetic Admin Scopes — OpenClaw 9.4 Critical2026-03-31
CVE-2026-32922 OpenClaw < 2026.3.11 - Privilege Escalation via Unvalidated Scope in device.token.rotate — OpenClaw 9.9 Critical2026-03-29
CVE-2026-3121 Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission — Red Hat build of Keycloak 26.4 6.5 Medium2026-03-26
CVE-2026-1712 HYPR Server 安全漏洞 — Server 8.8 -2026-03-25
CVE-2026-32530 WordPress Creator LMS plugin <= 1.1.18 - Privilege Escalation vulnerability — Creator LMS 8.8 -2026-03-25
CVE-2026-32520 WordPress RewardsWP plugin <= 1.0.4 - Privilege Escalation vulnerability — RewardsWP 8.8 -2026-03-25
CVE-2026-32519 WordPress Bit SMTP plugin <= 1.2.2 - Broken Authentication vulnerability — Bit SMTP 8.8 -2026-03-25
CVE-2026-32488 WordPress User Registration plugin <= 4.4.9 - Privilege Escalation vulnerability — User Registration 8.8 -2026-03-25
CVE-2026-27051 WordPress Golo theme <= 1.7.0 - Privilege Escalation vulnerability — Golo 9.8 Critical2026-03-25
CVE-2026-25414 WordPress WPBookit Pro plugin <= 1.6.18 - Privilege Escalation vulnerability — WPBookit Pro 8.8 High2026-03-25
CVE-2026-25334 WordPress Salon Booking System Pro plugin < 10.30.12 - Account Takeover vulnerability — Salon Booking System Pro 8.1 High2026-03-25
CVE-2026-24971 WordPress Search & Go theme <= 2.8 - Privilege Escalation vulnerability — Search & Go 9.8 Critical2026-03-25
CVE-2026-24968 WordPress Xagio SEO plugin <= 7.1.0.30 - Privilege Escalation vulnerability — Xagio SEO 9.8 Critical2026-03-25
CVE-2026-24373 WordPress RegistrationMagic plugin <= 6.0.7.1 - Account Takeover vulnerability — RegistrationMagic 8.1 High2026-03-25
CVE-2026-20110 Cisco IOS XE Software 安全漏洞 — Cisco IOS XE Software 6.5 Medium2026-03-25
CVE-2026-27542 WordPress Woocommerce Wholesale Lead Capture plugin <= 2.0.3.1 - Privilege Escalation vulnerability — Woocommerce Wholesale Lead Capture 8.8 -2026-03-19
CVE-2026-27541 WordPress Wholesale Suite plugin <= 2.2.6 - Privilege Escalation vulnerability — Wholesale Suite 8.8 -2026-03-05
CVE-2026-27983 WordPress LMS Elementor Pro plugin <= 1.0.4 - Privilege Escalation vulnerability — LMS Elementor Pro 8.8 -2026-03-05
CVE-2026-24963 WordPress Amelia plugin <= 1.2.38 - Privilege Escalation vulnerability — Amelia 8.8 -2026-03-05
CVE-2026-21425 Dell PowerScale OneFS 安全漏洞 — PowerScale OneFS 6.7 Medium2026-03-04
CVE-2026-0871 Org.keycloak/keycloak-services: keycloak: unauthorized modification of unmanaged user attributes by administrators — Red Hat build of Keycloak 26.4 4.9 Medium2026-02-27
CVE-2025-33179 NVIDIA Cumulus Linux和NVIDIA NVOS 安全漏洞 — Cumulus Linux GA 8.0 High2026-02-24
CVE-2025-69378 WordPress Product Filter for WooCommerce plugin <= 9.1.2 - Privilege Escalation vulnerability — Product Filter for WooCommerce 7.2 High2026-02-20
CVE-2026-22267 Dell PowerProtect Data Manager(PPDM) 安全漏洞 — PowerProtect Data Manager 8.1 High2026-02-19
CVE-2026-22268 Dell PowerProtect Data Manager(PPDM) 安全漏洞 — PowerProtect Data Manager 6.3 Medium2026-02-19

Vulnerabilities classified as CWE-266 (特权授予不正确) represent 380 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.