CWE-266 (Incorrect Privilege Assignment) — Vulnerability Class 380

380 vulnerabilities classified as CWE-266 (Incorrect Privilege Assignment). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-37293 | aws-deployment-framework's potential risk can lead to privilege escalation — aws-deployment-framework | 7.6 | High | 2024-06-11 |
| CVE-2024-35700 | WordPress UserPro plugin <= 5.1.8 - Unauthenticated Account Takeover vulnerability — Userpro | 9.8 | Critical | 2024-06-04 |
| CVE-2024-4870 | Frontend Registration – Contact Form 7 <= 5.1 - Authenticated (Editor+) Privilege Escalation — Frontend Registration – Contact Form 7 | 7.2 | High | 2024-06-04 |
| CVE-2024-32959 | WordPress Sirv plugin <= 7.2.2 - Arbitrary Option Update to Privilege Escalation vulnerability — Sirv | 8.8 | High | 2024-05-17 |
| CVE-2024-32507 | WordPress Login with phone number plugin <= 1.7.16 - Privilege Escalation vulnerability — Login with phone number | 8.8 | High | 2024-05-17 |
| CVE-2024-24882 | WordPress LMS by Masteriyo plugin <= 1.7.2 - Privilege Escalation vulnerability — Masteriyo - LMS | 8.8 | - | 2024-05-17 |
| CVE-2024-22145 | WordPress InstaWP Connect plugin <= 0.1.0.8 - Arbitrary Option Update to Privilege Escalation vulnerability — InstaWP Connect | 8.8 | High | 2024-05-17 |
| CVE-2024-20389 | Cisco Crosswork Network Services Orchestrator security vulnerability — Cisco ConfD | 7.8 | High | 2024-05-16 |
| CVE-2024-27273 | IBM AIX privilege escalation — AIX | 8.1 | High | 2024-05-07 |
| CVE-2023-51484 | WordPress Login as User or Customer plugin <= 3.8 - Unauthenticated Account Takeover vulnerability — Login as User or Customer (User Switching) | 9.8 | Critical | 2024-04-25 |
| CVE-2024-2409 | MasterStudy LMS <= 3.3.1 - Unauthenticated Privilege Escalation via stm_lms_register AJAX Action — MasterStudy LMS WordPress Plugin – for Online Courses and Education | 9.8 | Critical | 2024-03-29 |
| CVE-2024-20320 | Cisco IOS XR security vulnerability — Cisco IOS XR Software | 7.8 | High | 2024-03-13 |
| CVE-2023-6477 | Incorrect Privilege Assignment in GitLab — GitLab | 6.7 | Medium | 2024-02-21 |
| CVE-2024-23976 | BIG-IP Appliance mode iAppsLX vulnerability — BIG-IP | 6.0 | Medium | 2024-02-14 |
| CVE-2023-6815 | Mitsubishi Electric MELSEC iQ-R series security vulnerability — MELSEC iQ-R Series Safety CPU R08SFCPU | 6.5 | Medium | 2024-02-13 |
| CVE-2023-5080 | Lenovo Tablet security vulnerability — Tablet | 6.8 | Medium | 2024-01-19 |
| CVE-2023-49647 | Zoom Desktop Client for Windows - Improper Access Control — Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 | 8.8 | High | 2024-01-12 |
| CVE-2023-47140 | IBM CICS Transaction Gateway improper access controls — CICS Transaction Gateway Containers | 4.0 | Medium | 2024-01-08 |
| CVE-2023-29066 | Incorrect User Management — FACSChorus | 3.2 | Low | 2023-11-28 |
| CVE-2023-6009 | UserPro <= 5.1.4 - Authenticated (Subscriber+) Privilege Escalation — UserPro - Community and User Profile WordPress Plugin | 8.8 | High | 2023-11-22 |
| CVE-2023-5913 | A potential Privilege Escalation vulnerability in opentext Fortify ScanCentral DAST API. — Fortify ScanCentral DAST | 8.2 | High | 2023-11-08 |
| CVE-2023-5077 | Vault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets — Vault | 7.6 | High | 2023-09-28 |
| CVE-2023-3775 | Vault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service — Vault Enterprise | 4.2 | Medium | 2023-09-28 |
| CVE-2023-4153 | BAN Users <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update & Privilege Escalation — BAN Users | 8.8 | High | 2023-09-13 |
| CVE-2023-3518 | JWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access — Consul | 7.4 | High | 2023-08-09 |
| CVE-2023-39173 | JetBrains TeamCity security vulnerability — TeamCity | 5.4 | Medium | 2023-07-25 |
| CVE-2023-3300 | Nomad Search API Leaks Information About CSI Plugins — Nomad | 5.3 | Medium | 2023-07-19 |
| CVE-2023-3072 | Nomad ACL Policies without Label are Applied to Unexpected Resources — Nomad | 4.1 | Medium | 2023-07-19 |
| CVE-2023-3114 | Terraform Enterprise Agent Pool Controls Allowed Unauthorized Workspaces To Target an Agent Pool — Terraform Enterprise | 5.0 | Medium | 2023-06-22 |
| CVE-2023-28956 | IBM Spectrum Protect Backup-Archive Client privilege escalation — Spectrum Protect Backup-Archive Client | 8.4 | High | 2023-06-22 |

380 CVEs are classified as CWE-266 (Incorrect Privilege Assignment). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.