Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-266 (特权授予不正确) — Vulnerability Class 380

380 vulnerabilities classified as CWE-266 (特权授予不正确). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-14282 Dropbear: privilege escalation via unix domain socket forwardings — dropbear 5.4 Medium2026-02-12
CVE-2025-14778 Keycloak: incorrect ownership checks in /uma-policy/ — Red Hat build of Keycloak 26.2 5.4 Medium2026-02-09
CVE-2025-13881 Org.keycloak.services.resources.admin: keycloak: limited administrator can retrieve sensitive user attributes via admin api — Red Hat build of Keycloak 26.4 2.7 Low2026-02-02
CVE-2025-69292 WordPress WP Membership plugin <= 1.6.4 - Privilege Escalation vulnerability — WP Membership 8.8AIHighAI2026-01-22
CVE-2025-69293 WordPress Final User plugin <= 1.2.5 - Privilege Escalation vulnerability — Final User 8.8AIHighAI2026-01-22
CVE-2025-69183 WordPress Hospital Doctor Directory plugin <= 1.3.9 - Privilege Escalation vulnerability — Hospital Doctor Directory 8.8AIHighAI2026-01-22
CVE-2025-69182 WordPress Institutions Directory plugin <= 1.3.4 - Privilege Escalation vulnerability — Institutions Directory 8.8AIHighAI2026-01-22
CVE-2025-68869 WordPress LazyTasks plugin <= 1.2.37 - Privilege Escalation vulnerability — LazyTasks 8.8AIHighAI2026-01-22
CVE-2025-68027 WordPress Hydra Booking plugin <= 1.1.32 - Privilege Escalation vulnerability — Hydra Booking 8.8AIHighAI2026-01-22
CVE-2025-67966 WordPress Lawyer Directory plugin <= 1.3.3 - Privilege Escalation vulnerability — Lawyer Directory 8.8AIHighAI2026-01-22
CVE-2025-67953 WordPress Booking Activities plugin <= 1.16.44 - Privilege Escalation vulnerability — Booking Activities 8.8AIHighAI2026-01-22
CVE-2025-50007 WordPress xSmart theme <= 1.2.9.4 - Privilege Escalation vulnerability — xSmart 7.8AIHighAI2026-01-22
CVE-2026-23800 WordPress Modular DS plugin <= 2.5.2 - Privilege Escalation vulnerability — Modular DS 10.0 Critical2026-01-16
CVE-2021-47799 Visual Tools DVR VX16 4.2.28 - Local Privilege Escalation — Visual Tools DVR VX16 6.2 Medium2026-01-15
CVE-2026-22916 SICK TDC-X401GL 安全漏洞 — TDC-X401GL 4.3 Medium2026-01-15
CVE-2026-22914 SICK TDC-X401GL 安全漏洞 — TDC-X401GL 4.3 Medium2026-01-15
CVE-2026-22908 SICK TDC-X401GL 安全漏洞 — TDC-X401GL 9.1 Critical2026-01-15
CVE-2026-22907 SICK TDC-X401GL 安全漏洞 — TDC-X401GL 9.9 Critical2026-01-15
CVE-2026-23550 WordPress Modular DS plugin <= 2.5.1 - Privilege Escalation vulnerability — Modular DS 10.0 Critical2026-01-14
CVE-2022-50927 Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation — Cyclades Serial Console Server 6.2 Medium2026-01-13
CVE-2026-20852 Windows Hello Tampering Vulnerability — Windows 10 Version 1607 7.7 High2026-01-13
CVE-2026-20804 Windows Hello Tampering Vulnerability — Windows 10 Version 1607 7.7 High2026-01-13
CVE-2025-31643 WordPress WPCHURCH plugin <= 2.7.0 - Privilege Escalation Vulnerability — WPCHURCH 8.8 High2026-01-07
CVE-2025-29004 WordPress Responsive Coming Soon Landing Page / Holding Page for WordPress plugin <= 3.0 - Privilege Escalation Vulnerability — Responsive Coming Soon Landing Page / Holding Page for WordPress 8.8 High2026-01-06
CVE-2019-25249 devolo dLAN 500 AV Wireless+ 3.1.0-1 Remote Code Execution via htmlmgr — dLAN 550 duo+ Starter Kit 9.8 Critical2025-12-24
CVE-2018-25148 Microhard Systems IPn4G 1.1.0 Remote Code Execution via Admin Interface — Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Remote Root Exploit 8.8 High2025-12-24
CVE-2025-64188 WordPress Soledad theme <= 8.6.9 - Privilege Escalation vulnerability — Soledad 8.4AIHighAI2025-12-18
CVE-2025-59134 WordPress Sale! Immigration law, Visa services support, Migration Agent Consulting theme <= 1.5.8 - Privilege Escalation vulnerability — Sale! Immigration law, Visa services support, Migration Agent Consulting 8.8AIHighAI2025-12-18
CVE-2025-58710 WordPress Hotel Listing plugin <= 1.4.0 - Privilege Escalation vulnerability — Hotel Listing 8.8 High2025-12-18
CVE-2025-55707 WordPress PostX Plugin <= 4.1.35 - Privilege Escalation Vulnerability — PostX 8.8AIHighAI2025-12-18

Vulnerabilities classified as CWE-266 (特权授予不正确) represent 380 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.