CWE-266 (Incorrect Privilege Assignment) — Vulnerability Class 380

380 vulnerabilities classified as CWE-266 (Incorrect Privilege Assignment). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-2485 | Incorrect Privilege Assignment in GitLab — GitLab | 4.4 | Medium | 2023-06-07 |
| CVE-2023-2816 | Consul Envoy Extension Downsteam Proxy Configuration By Upstream Service Owner — Consul | 8.7 | High | 2023-06-02 |
| CVE-2023-1174 | [minikube] Network Port exposure in minikube running on macOS using Docker driver — minikube | 9.8 | Critical | 2023-05-24 |
| CVE-2023-1874 | WP Data Access <= 5.3.7 - Authenticated (Subscriber+) Privilege Escalation — WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards | 7.5 | High | 2023-04-12 |
| CVE-2022-4441 | Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter — Hitachi Storage Plug-in for VMware vCenter | 7.6 | High | 2023-01-31 |
| CVE-2022-4041 | Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter — Hitachi Storage Plug-in for VMware vCenter | 5.9 | Medium | 2023-01-31 |
| CVE-2022-3876 | Click Studios Passwordstate API authorization — Passwordstate | 4.3 | Medium | 2022-12-19 |
| CVE-2022-4613 | Click Studios Passwordstate Browser Extension Provisioning improper authorization — Passwordstate | 5.0 | Medium | 2022-12-19 |
| CVE-2022-4281 | Facepay camera.php authorization — Facepay | 6.3 | Medium | 2022-12-05 |
| CVE-2022-4272 | FeMiner wms unrestricted upload — wms | 6.3 | Medium | 2022-12-03 |
| CVE-2022-4273 | SourceCodester Human Resource Management System Content-Type employee.php unrestricted upload — Human Resource Management System | 7.3 | High | 2022-12-03 |
| CVE-2022-4276 | House Rental System POST Request tenant-engine.php unrestricted upload — House Rental System | 6.3 | Medium | 2022-12-03 |
| CVE-2022-4280 | Dot Tech Smart Campus System findUser information disclosure — Smart Campus System | 4.3 | Medium | 2022-12-03 |
| CVE-2022-4232 | SourceCodester Event Registration System unrestricted upload — Event Registration System | 4.7 | Medium | 2022-11-30 |
| CVE-2022-3944 | jerryhanjj ERP Commodity Management inventory.php uploadImages unrestricted upload — ERP | 6.3 | Medium | 2022-11-11 |
| CVE-2022-3826 | Huaxia ERP Retail Management list information disclosure — ERP | 4.3 | Medium | 2022-11-02 |
| CVE-2022-3770 | Yunjing CMS upload_img.html unrestricted upload — CMS | 6.3 | Medium | 2022-10-31 |
| CVE-2022-3771 | easyii CMS File Upload Management Upload.php file unrestricted upload — CMS | 6.3 | Medium | 2022-10-31 |
| CVE-2022-3735 | seccome Ehoney signup access control — Ehoney | 6.3 | Medium | 2022-10-28 |
| CVE-2022-3549 | SourceCodester Simple Cold Storage Management System Avatar unrestricted upload — Simple Cold Storage Management System | 4.7 | Medium | 2022-10-17 |
| CVE-2022-3496 | SourceCodester Human Resource Management System Admin Panel employeeadd.php access control — Human Resource Management System | 6.3 | Medium | 2022-10-14 |
| CVE-2022-3458 | SourceCodester Human Resource Management System Image File employeeview.php unrestricted upload — Human Resource Management System | 6.3 | Medium | 2022-10-12 |
| CVE-2022-3436 | SourceCodester Web-Based Student Clearance System Photo edit-photo.php unrestricted upload — Web-Based Student Clearance System | 6.3 | Medium | 2022-10-09 |
| CVE-2022-2637 | Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter — Hitachi Storage Plug-in for VMware vCenter | 5.4 | Medium | 2022-10-06 |
| CVE-2022-20855 | Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privilege Escalation Vulnerability — Cisco IOS XE Software | 7.9 | High | 2022-09-30 |
| CVE-2020-10728 | Automation Broker apb security vulnerability — automationbroker/apb | 7.8 | - | 2022-08-16 |
| CVE-2022-2626 | Incorrect Privilege Assignment in hestiacp/hestiacp — hestiacp/hestiacp | 6.5 | - | 2022-08-05 |
| CVE-2022-1746 | 2.2.8 INCORRECT PRIVILEGE ASSIGNMENT CWE-266 — ImageCast X application | 6.1 | - | 2022-06-24 |
| CVE-2022-20819 | Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability — Cisco Identity Services Engine Software | 6.5 | Medium | 2022-06-15 |
| CVE-2022-20759 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Privilege Escalation Vulnerability — Cisco Adaptive Security Appliance (ASA) Software | 8.8 | High | 2022-05-03 |

380 CVEs are classified as CWE-266 (Incorrect Privilege Assignment). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.