CWE-266 (Incorrect Privilege Assignment) — Vulnerability Class 380

380 vulnerabilities classified as CWE-266 (Incorrect Privilege Assignment). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-49322 | WordPress Job Board Manager for WordPress plugin <= 1.0 - Privilege Escalation vulnerability — Job Board Manager for WordPress | 8.8 (AI) | High (AI) | 2024-10-17 |
| CVE-2024-9863 | Miniorange OTP Verification with Firebase <= 3.6.0 - Privilege Escalation via Registration due to Administrator Default User Role Value — Miniorange OTP Verification with Firebase | 9.8 | Critical | 2024-10-17 |
| CVE-2024-9180 | Vault Operators in Root Namespace May Elevate Their Privileges — Vault | 7.2 | High | 2024-10-10 |
| CVE-2024-9519 | UserPlus <= 2.0 - Authenticated (Editor+) Registration Form Update to Privilege Escalation — User registration & user profile – UserPlus | 7.2 | High | 2024-10-10 |
| CVE-2024-47653 | Missing Authorization Vulnerability — Client Dashboard | 7.1 | - | 2024-10-04 |
| CVE-2024-25632 | Unauthorised granting of administrator privileges over arbitrary teams under certain circumstances — elabftw | 8.6 | High | 2024-10-01 |
| CVE-2024-22303 | WordPress Houzez theme <= 3.2.4 - Privilege Escalation vulnerability — Houzez | 8.8 | High | 2024-09-17 |
| CVE-2024-21743 | WordPress Houzez Login Register plugin <= 3.2.5 - Privilege Escalation vulnerability — Houzez Login Register | 8.8 | High | 2024-09-17 |
| CVE-2024-8253 | Post Grid and Gutenberg Blocks 2.2.87 - 2.2.90 - Authenticated (Subscriber+) Privilege Escalation — Post Grid and Gutenberg Blocks | 8.8 | High | 2024-09-11 |
| CVE-2024-40681 | IBM MQ security bypass — MQ | 7.5 | High | 2024-09-07 |
| CVE-2024-39579 | Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 6.7 | Medium | 2024-08-31 |
| CVE-2024-4555 | User impersonation with MFA when configure in specific way — NetIQ Access Manager | 7.7 | High | 2024-08-28 |
| CVE-2024-39576 | Dell Power Manager security vulnerability — Dell Power Manager (DPM) | 8.8 | High | 2024-08-22 |
| CVE-2024-20466 | Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability — Cisco Identity Services Engine Software | 6.5 | Medium | 2024-08-21 |
| CVE-2024-28000 | WordPress LiteSpeed Cache plugin <= 6.3.0.1 - Unauthenticated Privilege Escalation vulnerability — LiteSpeed Cache | 8.8 (AI) | High (AI) | 2024-08-21 |
| CVE-2024-6322 | Grafana security vulnerability — Grafana | 4.4 | Medium | 2024-08-20 |
| CVE-2024-25633 | In eLabFTW, if administrators can create users, users can too — elabftw | 5.4 | Medium | 2024-08-15 |
| CVE-2024-42441 | Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS - Incorrect Privilege Assignment — Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS | 6.2 | Medium | 2024-08-14 |
| CVE-2024-43153 | WordPress Woffice theme <= 5.4.10 - Unauthenticated Privilege Escalation vulnerability — Woffice | 9.8 | Critical | 2024-08-13 |
| CVE-2024-6758 | Improper Privilege Management vulnerability in Sprecher Automation SPRECON-E — SPRECON-E | 6.5 | Medium | 2024-08-12 |
| CVE-2024-7480 | Improper access control in Avaya Aura System Manager — Aura System Manager | 4.2 | Medium | 2024-08-08 |
| CVE-2024-23794 | Agents are able to lock the ticket without the "Owner" permission — OTRS | 5.2 | Medium | 2024-07-15 |
| CVE-2024-37927 | WordPress Jobmonster theme <= 4.7.5 - Unauthenticated Privilege Escalation vulnerability — Jobmonster | 8.8 (AI) | High (AI) | 2024-07-12 |
| CVE-2024-37560 | WordPress WP User Switch plugin <= 1.1.3 - Privilege Escalation vulnerability — WP User Switch | 8.0 | High | 2024-07-12 |
| CVE-2024-38278 | Siemens RUGGEDCOM security vulnerability — RUGGEDCOM RMC8388 V5.X | 6.6 | Medium | 2024-07-09 |
| CVE-2024-37134 | Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 6.7 | Medium | 2024-07-02 |
| CVE-2024-37132 | Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 6.7 | Medium | 2024-07-02 |
| CVE-2024-31912 | IBM MQ privilege escalation — MQ | 7.5 | High | 2024-06-28 |
| CVE-2024-27275 | IBM i privilege escalation — i | 7.4 | High | 2024-06-15 |
| CVE-2024-0085 | CVE — vGPU software and Cloud Gaming | 6.3 | Medium | 2024-06-13 |

Vulnerabilities classified as CWE-266 (Incorrect Privilege Assignment) represent 380 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.