Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-266 (特权授予不正确) — Vulnerability Class 381

381 vulnerabilities classified as CWE-266 (特权授予不正确). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-1653 Directory Listings WordPress plugin – uListing <= 2.2.0 - Authenticated (Subscriber+) Privilege Escalation — Directory Listings WordPress plugin – uListing 8.8 High2025-03-15
CVE-2025-21092 GMOD Apollo Incorrect Privilege Assignment — Apollo 6.5 Medium2025-03-04
CVE-2024-8420 DHVC Form <= 2.4.7 - Unauthenticated Privilege Escalation — DHVC Form 9.8 Critical2025-02-28
CVE-2024-56000 WordPress K Elements plugin < 5.4.0 - Unauthenticated Account Takeover vulnerability — K Elements 7.8 -2025-02-18
CVE-2025-26523 Insufficient Authorization Vulnerability in RupeeWeb trading platform — RupeeWeb 6.5 -2025-02-14
CVE-2024-12213 WP Job Board Pro < 1.2.85 - Unauthenticated Privilege Escalation via process_register — WP Job Board Pro 9.8 Critical2025-02-12
CVE-2024-13421 Real Estate 7 WordPress <= 3.5.1 - Unauthenticated Privilege Escalation to Administrator — Real Estate 7 WordPress 9.8 Critical2025-02-12
CVE-2024-40591 Fortinet FortiOS 安全漏洞 — FortiOS 8.0 High2025-02-11
CVE-2024-49348 IBM Cloud Pak for Business Automation incorrect privilege assignment — Cloud Pak for Business Automation 4.3 Medium2025-02-05
CVE-2025-24648 WordPress Admin and Site Enhancements (ASE) Plugin <= 7.6.2.1 - Privilege Escalation vulnerability — Admin and Site Enhancements (ASE) 7.5 High2025-02-04
CVE-2024-43333 WordPress Admin and Site Enhancements (ASE) Pro Plugin <= 7.6.2.1 - Privilege Escalation vulnerability — Admin and Site Enhancements (ASE) Pro 7.5 High2025-02-03
CVE-2024-57967 CyberArk Privileged Access Manager Self-Hosted 安全漏洞 — Privileged Access Manager 4.2 Medium2025-02-03
CVE-2024-46974 GPU DDK - Arbitrary write of read-only dmabuf — Graphics DDK 7.8 -2025-01-31
CVE-2024-35122 IBM i denial of service — i 2.8 Low2025-01-24
CVE-2024-32555 WordPress Easy Real Estate plugin <= 2.2.6 - Privilege Escalation vulnerability — Easy Real Estate 9.8 Critical2025-01-21
CVE-2024-51888 WordPress Homey Login Register Plugin <= 2.4.0 - Privilege Escalation vulnerability — Homey Login Register 9.8 Critical2025-01-21
CVE-2025-23528 WordPress DD Roles plugin <= 4.1 - Privilege Escalation vulnerability — DD Roles 8.8 -2025-01-16
CVE-2024-45331 Fortinet多款产品 安全漏洞 — FortiAnalyzer 6.9 High2025-01-16
CVE-2025-22736 WordPress User Management plugin <= 1.2 - Privilege Escalation vulnerability — User Management 8.8 High2025-01-15
CVE-2024-33503 Fortinet FortiManager和FortiAnalyzer 安全漏洞 — FortiManager 6.7 Medium2025-01-14
CVE-2024-13251 Registration role - Critical - Access bypass - SA-CONTRIB-2024-015 — Registration role 8.8 -2025-01-09
CVE-2024-13248 Private content - Moderately critical - Access bypass - SA-CONTRIB-2024-012 — Private content 6.3 -2025-01-09
CVE-2024-49644 WordPress Accessibility by AllAccessible plugin <= 1.3.4 - Privilege Escalation vulnerability — Accessibility by AllAccessible 8.8 High2025-01-07
CVE-2024-56280 WordPress WPGuppy plugin <= 1.1.0 - Privilege Escalation vulnerability — WPGuppy 8.8 High2025-01-07
CVE-2024-12470 School Management System – SakolaWP <= 1.0.8 - Unauthenticated Privilege Escalation — School Management System – SakolaWP 9.8 Critical2025-01-07
CVE-2024-56513 Karmada PULL Mode Cluster Privilege Escalation — karmada 8.8 -2025-01-03
CVE-2024-55542 Acronis Cyber Protect和Acronis Cyber Protect Cloud Agent 安全漏洞 — Acronis Cyber Protect 16 7.8 -2025-01-02
CVE-2024-52049 Trend Micro Apex One 安全漏洞 — Trend Micro Apex One 7.8 High2024-12-31
CVE-2024-52048 Trend Micro Apex One 安全漏洞 — Trend Micro Apex One 7.8 High2024-12-31
CVE-2024-56043 WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Privilege Escalation vulnerability — WPLMS 9.8 Critical2024-12-31

Vulnerabilities classified as CWE-266 (特权授予不正确) represent 381 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.