CWE-266 (Incorrect Privilege Assignment) — Vulnerability Class 380

380 vulnerabilities classified as CWE-266 (Incorrect Privilege Assignment). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-42936 | Missing Authorization check in SAP NetWeaver Application Server for ABAP — SAP NetWeaver Application Server for ABAP | 5.4 | Medium | 2025-08-12 |
| CVE-2025-5999 | Vault Root Namespace Operator May Elevate Token Privileges — Vault | 7.2 | High | 2025-08-01 |
| CVE-2025-2179 | GlobalProtect App: Non Admin User Can Disable the GlobalProtect App — GlobalProtect App | 6.1 (AI) | Medium (AI) | 2025-07-29 |
| CVE-2025-52836 | WordPress The E-Commerce ERP <= 2.1.1.3 - Privilege Escalation Vulnerability — The E-Commerce ERP | 9.8 | Critical | 2025-07-16 |
| CVE-2025-0140 | GlobalProtect App: Non Admin User Can Disable the GlobalProtect App — GlobalProtect App | 7.1 (AI) | High (AI) | 2025-07-09 |
| CVE-2025-0139 | Autonomous Digital Experience Manager: Privilege Escalation (PE) Vulnerability — Autonomous Digital Experience Manager | 7.8 (AI) | High (AI) | 2025-07-09 |
| CVE-2025-27028 | Read access of deprivileged Radiflow iSAP Smart Collector user — iSAP Smart Collector | 6.8 | Medium | 2025-07-09 |
| CVE-2025-43001 | Multiple Privilege Escalation Vulnerabilities in SAPCAR — SAPCAR | 6.9 | Medium | 2025-07-08 |
| CVE-2025-42992 | Multiple Privilege Escalation Vulnerabilities in SAPCAR — SAPCAR | 6.9 | Medium | 2025-07-08 |
| CVE-2025-23970 | WordPress Service Finder Booking plugin <= 6.1 - Privilege Escalation Vulnerability — Service Finder Booking | 9.8 | Critical | 2025-07-04 |
| CVE-2025-49867 | WordPress RealHomes theme <= 4.4.0 - Privilege Escalation vulnerability — RealHomes | 9.8 | Critical | 2025-07-04 |
| CVE-2025-52726 | WordPress CouponXxL Custom Post Types plugin <= 3.0 - Privilege Escalation Vulnerability — CouponXxL Custom Post Types | 8.6 | High | 2025-06-27 |
| CVE-2025-41255 | Cyberduck and Mountain Duck - Improper Certificate Store Handling — Cyberduck | 8.0 | High | 2025-06-25 |
| CVE-2025-23260 | NVIDIA AIStore Security Vulnerability — AIStore | 5.0 | Medium | 2025-06-24 |
| CVE-2025-49580 | XWiki allows privilege escalation through link refactoring — xwiki-platform | 9.3 (AI) | Critical (AI) | 2025-06-13 |
| CVE-2025-4228 | Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability — Cortex XDR Broker VM | 7.2 (AI) | High (AI) | 2025-06-12 |
| CVE-2025-4922 | Nomad Vulnerable To Incorrect ACL Policy Lookup Attached To A Job — Nomad | 8.1 | High | 2025-06-11 |
| CVE-2025-23974 | WordPress One-Login plugin <= 1.4 - Privilege Escalation Vulnerability — One-Login | 8.1 | High | 2025-06-09 |
| CVE-2025-47561 | WordPress MapSVG plugin < 8.6.13 - Privilege Escalation Vulnerability — MapSVG | 8.8 | High | 2025-06-09 |
| CVE-2025-48129 | WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin <= 2.4.37 - Privilege Escalation Vulnerability — Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light | 9.8 | Critical | 2025-06-09 |
| CVE-2025-5791 | Users: `root` appended to group listings | 7.1 | High | 2025-06-06 |
| CVE-2025-48911 | Huawei HarmonyOS Security Vulnerability — HarmonyOS | 8.2 | High | 2025-06-06 |
| CVE-2025-4493 | Devolutions Server Security Vulnerability — Server | 7.1 (AI) | High (AI) | 2025-05-28 |
| CVE-2025-31918 | WordPress Simple Business Directory Pro plugin < 15.6.9 - Privilege Escalation vulnerability — Simple Business Directory Pro | 9.8 | Critical | 2025-05-23 |
| CVE-2025-39489 | WordPress CouponXL theme <= 4.5.0 - Privilege Escalation Vulnerability — CouponXL | 9.8 | Critical | 2025-05-23 |
| CVE-2025-47539 | WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability — Eventin | 9.8 | Critical | 2025-05-23 |
| CVE-2025-47631 | WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Privilege Escalation vulnerability — Hospital Management System | 8.8 | High | 2025-05-23 |
| CVE-2025-48741 | StrangeBee TheHive Security Vulnerability — TheHive | 6.5 (AI) | Medium (AI) | 2025-05-23 |
| CVE-2025-48695 | CyberDAVA Security Vulnerability — CyberDAVA | 6.4 | Medium | 2025-05-23 |
| CVE-2025-4692 | ABUP IoT Cloud Platform Incorrect Privilege Assignment — ABUP IoT Cloud Platform | 6.8 | Medium | 2025-05-22 |

Vulnerabilities classified as CWE-266 (Incorrect Privilege Assignment) represent 380 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.