Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-266 (特权授予不正确) — Vulnerability Class 380

380 vulnerabilities classified as CWE-266 (特权授予不正确). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-61785 Deno's --deny-write check does not prevent permission bypass — deno 5.3AIMediumAI2025-10-08
CVE-2025-43914 Dell PowerProtect Data Domain 安全漏洞 — PowerProtect Data Domain BoostFS for Linux Ubuntu Feature Release 7.5 High2025-10-07
CVE-2025-10725 Openshift-ai: overly permissive clusterrole allows authenticated users to escalate privileges to cluster admin — opendatahub-operator 9.9 Critical2025-09-30
CVE-2025-59945 SysReptor Susceptible to Privilege Escalation by Authenticated Users — sysreptor 8.1 High2025-09-27
CVE-2025-26517 CVE-2025-26517 Privilege Escalation Vulnerability in StorageGRID (formerly StorageGRID Webscale) — StorageGRID 5.4 Medium2025-09-19
CVE-2025-10644 Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability — Repairit 9.8AICriticalAI2025-09-17
CVE-2025-49401 WordPress smart SEO Plugin <= 4.0 - Privilege Escalation Vulnerability — smart SEO 9.8 Critical2025-09-05
CVE-2025-58841 WordPress Media Author Plugin <= 1.0.4 - Broken Access Control Vulnerability — Media Author 5.5 Medium2025-09-05
CVE-2024-32444 WordPress RealHomes theme <= 4.3.6 - Privilege Escalation vulnerability — RealHomes 9.8 Critical2025-09-03
CVE-2025-58323 NAVER MYBOX Explorer for Windows 安全漏洞 — NAVER MYBOX Explorer 7.8 -2025-08-29
CVE-2025-49407 WordPress Premium SEO Pack Plugin <= 3.3.2 - Privilege Escalation Vulnerability — Premium SEO Pack 8.8 High2025-08-28
CVE-2025-49388 WordPress Miraculous Core Plugin Plugin <= 2.0.7 - Privilege Escalation Vulnerability — Miraculous Core Plugin 9.8 Critical2025-08-28
CVE-2025-48348 WordPress Site Offline plugin <= 1.5.7 - Broken Access Control vulnerability — Site Offline 4.3 Medium2025-08-28
CVE-2025-58322 NAVER MYBOX Explorer for Windows 安全漏洞 — NAVER MYBOX Explorer 7.8 -2025-08-28
CVE-2025-57797 Fujitsu ScanSnap Manager 安全漏洞 — ScanSnap Manager installers 7.8 -2025-08-27
CVE-2025-49422 WordPress Support Ticket Plugin <= 1.9 - Privilege Escalation Vulnerability — Support Ticket 9.8 Critical2025-08-20
CVE-2025-48142 WordPress Bookify <= 1.0.9 - Privilege Escalation Vulnerability — Bookify 8.8 High2025-08-20
CVE-2025-48164 WordPress SureDash <= 1.0.3 - Privilege Escalation Vulnerability — SureDash 8.8 High2025-08-20
CVE-2025-48165 WordPress DELUCKS SEO Plugin <= 2.6.0 - Privilege Escalation Vulnerability — DELUCKS SEO 8.8 High2025-08-20
CVE-2025-53580 WordPress Simple Business Directory Pro Plugin < 15.6.9 - Privilege Escalation Vulnerability — Simple Business Directory Pro 9.8 Critical2025-08-20
CVE-2025-54049 WordPress Custom API for WP <= 4.2.2 - Privilege Escalation Vulnerability — Custom API for WP 9.9 Critical2025-08-20
CVE-2025-54735 WordPress CubeWP Framework Plugin <= 1.1.24 - Privilege Escalation Vulnerability — CubeWP 8.8 High2025-08-20
CVE-2025-5417 Rhdh: red hat developer hub user permissions — Red Hat Developer Hub 6.1 Medium2025-08-19
CVE-2025-49897 WordPress School Management Plugin <= 93.2.0 - Privilege Escalation Vulnerability — School Management 8.8 High2025-08-15
CVE-2025-36613 Dell SupportAssist for Business PCs和Dell SupportAssist for Home PCs 安全漏洞 — SupportAssist for Home PCs 2.8 Low2025-08-14
CVE-2025-36612 Dell SupportAssist for Business PCs 安全漏洞 — SupportAssist for Business PCs 6.7 Medium2025-08-14
CVE-2025-38738 Dell SupportAssist for Home PCs 安全漏洞 — SupportAssist for Home PCs 6.7 Medium2025-08-14
CVE-2025-54697 WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.16 - Privilege Escalation Vulnerability — Kadence WooCommerce Email Designer 7.2 High2025-08-14
CVE-2024-12303 Incorrect Privilege Assignment in GitLab — GitLab 6.7 Medium2025-08-13
CVE-2025-53744 Fortinet FortiOS Security Fabric 安全漏洞 — FortiOS 6.8 High2025-08-12

Vulnerabilities classified as CWE-266 (特权授予不正确) represent 380 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.