CWE-266 (Incorrect Privilege Assignment) — Vulnerability Class 380

380 vulnerabilities classified as CWE-266 (Incorrect Privilege Assignment). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-49379 | WordPress Custom Fields Account Registration For Woocommerce plugin <= 1.2 - Privilege Escalation vulnerability — Custom Fields Account Registration For Woocommerce | 8.8 (AI) | High (AI) | 2025-12-18 |
| CVE-2025-14503 | Overly Permissive Trust Policy in Harmonix on AWS EKS — Harmonix on AWS | 7.2 | High | 2025-12-15 |
| CVE-2025-13888 | Openshift-gitops-operator: openshift gitops: namespace admin cluster takeover via privileged jobs — gitops-operator | 9.1 | Critical | 2025-12-15 |
| CVE-2025-66296 | Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check Allows Admin Account Takeover — grav | 8.8 | High | 2025-12-01 |
| CVE-2025-64761 | OpenBao Privileged Operator Identity Group Root Escalation — openbao | 7.2 (AI) | High (AI) | 2025-11-25 |
| CVE-2025-0504 | Black Duck SCA Project Privilege Escalation — Black Duck SCA | 5.4 | Medium | 2025-11-21 |
| CVE-2025-65094 | WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation (IDOR) — WBCE_CMS | 8.8 (AI) | High (AI) | 2025-11-19 |
| CVE-2025-2843 | Observability-operator: observability operator privilege escalation — observability-operator | 8.8 | High | 2025-11-12 |
| CVE-2024-32009 | Siemens Spectrum Power security vulnerability — Spectrum Power 4 | 7.8 | High | 2025-11-11 |
| CVE-2025-6325 | WordPress King Addons for Elementor plugin <= 51.1.36 - Privilege Escalation vulnerability — King Addons for Elementor | 8.8 | - | 2025-11-06 |
| CVE-2025-62034 | WordPress Togo theme < 1.0.4 - Privilege Escalation vulnerability — Togo | 9.8 | - | 2025-11-06 |
| CVE-2025-60243 | WordPress Selling Commander for WooCommerce plugin <= 1.2.46 - Privilege Escalation vulnerability — Selling Commander for WooCommerce | 8.8 | - | 2025-11-06 |
| CVE-2025-60195 | WordPress Atarim plugin <= 4.2.1 - Privilege Escalation vulnerability — Atarim | 8.8 | - | 2025-11-06 |
| CVE-2025-49900 | WordPress Advanced scrollbar plugin <= 1.1.8 - Privilege Escalation vulnerability — Advanced scrollbar | 8.8 | - | 2025-11-06 |
| CVE-2024-58273 | Nagios Log Server < 2024R1.0.2 LPE from Apache/Backend Shell User to Root — Log Server | 7.8 (AI) | High (AI) | 2025-10-30 |
| CVE-2025-12103 | Openshift-ai: trusty ai grants all authenticated users to list pods in any namespace — Red Hat OpenShift AI 2.25 | 5.0 | Medium | 2025-10-28 |
| CVE-2025-36007 | IBM QRadar SIEM incorrect privilege assignment — QRadar SIEM | 7.8 | High | 2025-10-27 |
| CVE-2025-62007 | WordPress Voice Feedback plugin <= 1.0.3 - Privilege Escalation vulnerability — Voice Feedback | 8.8 (AI) | High (AI) | 2025-10-22 |
| CVE-2025-60222 | WordPress SUMO Memberships for WooCommerce plugin <= 7.8.0 - Privilege Escalation vulnerability — SUMO Memberships for WooCommerce | 8.8 (AI) | High (AI) | 2025-10-22 |
| CVE-2025-60220 | WordPress CouponXxL theme <= 3.0.0 - Privilege Escalation vulnerability — CouponXxL | 8.8 (AI) | High (AI) | 2025-10-22 |
| CVE-2025-60211 | WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin <= 3.2.3 - Privilege Escalation vulnerability — WooCommerce Registration Fields Plugin - Custom Signup Fields | 8.8 (AI) | High (AI) | 2025-10-22 |
| CVE-2025-59580 | WordPress Goodlayers Core plugin < 2.1.7 - Privilege Escalation vulnerability — Goodlayers Core | 8.8 (AI) | High (AI) | 2025-10-22 |
| CVE-2025-53425 | WordPress Dokan plugin <= 4.1.3 - Privilege Escalation vulnerability — Dokan | 7.2 | High | 2025-10-22 |
| CVE-2025-53428 | WordPress Simple User Registration plugin <= 6.8 - Privilege Escalation vulnerability — Simple User Registration | 8.8 (AI) | High (AI) | 2025-10-22 |
| CVE-2025-49924 | WordPress Wholesale Suite plugin <= 2.2.4.2 - Privilege Escalation vulnerability — Wholesale Suite | 7.2 | High | 2025-10-22 |
| CVE-2025-48082 | WordPress Progress Planner plugin <= 1.8.0 - Privilege Escalation vulnerability — Progress Planner | 8.8 (AI) | High (AI) | 2025-10-22 |
| CVE-2025-62645 | Restaurant Brands International assistant platform security vulnerability — assistant platform | 9.9 | Critical | 2025-10-17 |
| CVE-2025-10577 | Sound Research SECOMNService Escalation of Privilege — Sound Research | 7.8 (AI) | High (AI) | 2025-10-15 |
| CVE-2025-10576 | Sound Research SECOMNService Escalation of Privilege — Sound Research | 7.8 (AI) | High (AI) | 2025-10-15 |
| CVE-2025-10038 | Binary MLM Plan <= 3.0 - Unauthenticated Limited Privilege Escalation — Binary MLM Plan | 6.5 | Medium | 2025-10-15 |

Vulnerabilities classified as CWE-266 (Incorrect Privilege Assignment) represent 380 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.