CWE-269 (Improper Privilege Management) — Vulnerability Class 992

992 vulnerabilities classified as CWE-269 (Improper Privilege Management). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6741 | LatePoint <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability — LatePoint – Calendar Booking Plugin for Appointments and Events | 8.8 | High | 2026-04-27 |
| CVE-2026-7106 | Highland Software Custom Role Manager <= 1.0.0 - Authenticated (Subscriber+) Privilege Escalation — Highland Software Custom Role Manager | 8.8 | High | 2026-04-27 |
| CVE-2026-41359 | OpenClaw < 2026.3.28 - Privilege Escalation via operator.write to Admin-Class Telegram Config and Cron Persistence — OpenClaw | 7.1 | High | 2026-04-23 |
| CVE-2026-1726 | Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager — Guardium Key Lifecycle Manager | 4.3 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-3621 | IBM WebSphere Application Server Liberty is affected by identity spoofing — WebSphere Application Server - Liberty | 7.5 | High | 2026-04-22 |
| CVE-2026-6386 | Missing large page handling in pmap_pkru_update_range() — FreeBSD | 7.1 (AI) | High (AI) | 2026-04-22 |
| CVE-2026-35154 | Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability — PowerProtect Data Domain appliances | 6.3 | Medium | 2026-04-20 |
| CVE-2026-40572 | NovumOS has Arbitrary Memory Mapping via Syscall 15 (MemoryMapRange) — NovumOS | 9.0 | Critical | 2026-04-18 |
| CVE-2026-40317 | NovumOS has Privilege Escalation in the Syscall Interface — NovumOS | 9.4 | Critical | 2026-04-18 |
| CVE-2026-40484 | ChurchCRM: Authenticated Remote Code Execution via Unrestricted PHP File Write in Database Restore Function — CRM | 9.1 | Critical | 2026-04-17 |
| CVE-2026-40002 | ZTE Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations. — Red Magic 11 Pro (NX809J) | 5.0 | Medium | 2026-04-17 |
| CVE-2026-23772 | Dell Storage Manager security vulnerability — Storage Manager | 7.3 | High | 2026-04-16 |
| CVE-2026-4880 | Barcode Scanner (+Mobile App) <= 1.11.0 - Unauthenticated Privilege Escalation via Insecure Token Authentication — Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) | 9.8 | Critical | 2026-04-15 |
| CVE-2026-34393 | Weblate: Privilege escalation in the user API endpoint — weblate | 8.8 | High | 2026-04-15 |
| CVE-2026-40291 | Chamilo LMS has Privilege Escalation via API User Role Modification — chamilo-lms | 8.8 | High | 2026-04-14 |
| CVE-2026-32181 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability — Windows 10 Version 21H2 | 5.5 | Medium | 2026-04-14 |
| CVE-2026-5144 | BuddyPress Groupblog <= 1.9.3 - Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR — BuddyPress Groupblog | 8.8 | High | 2026-04-11 |
| CVE-2026-33706 | Chamilo LMS has a REST API Self-Privilege Escalation (Student → Teacher) — chamilo-lms | 7.1 | High | 2026-04-10 |
| CVE-2026-35595 | Vikunja Affected by Privilege Escalation via Project Reparenting — vikunja | 8.3 | High | 2026-04-10 |
| CVE-2026-39961 | Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource — aiven-operator | 6.8 | Medium | 2026-04-09 |
| CVE-2026-35607 | File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands — filebrowser | 8.1 | High | 2026-04-07 |
| CVE-2026-5373 | runZero Platform superuser privilege escalation — Platform | 8.1 | High | 2026-04-07 |
| CVE-2026-33727 | Pi-hole has a Local Privilege Escalation (post-compromise, pihole -> root). — pi-hole | 6.4 | Medium | 2026-04-06 |
| CVE-2023-7343 | Belden Industrial HiVision Arbitrary Code Execution via Malicious Project File — Hirschmann Industrial HiVision | 7.8 | High | 2026-04-02 |
| CVE-2023-7342 | Belden HiSecOS Web Server Privilege Escalation — Hirschmann HiSecOS EAGLE | 8.8 | High | 2026-04-02 |
| CVE-2026-34528 | File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution — filebrowser | 8.1 | High | 2026-04-01 |
| CVE-2026-34397 | himmelblau: NSS fake-primary group lookup reintroduces name collision risk — himmelblau | 6.3 | Medium | 2026-04-01 |
| CVE-2026-33074 | Discourse: Vulnerability in discourse-subscriptions plugin allowing users to self-grant to higher tier subscriptions — discourse | 7.1 | - | 2026-03-31 |
| CVE-2026-34218 | ClearanceKit: Managed and user-defined policy rules not enforced between opfilter start and first policy modification — clearancekit | 7.7 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-33906 | Ella Core has Privilege Escalation via Database Restore by NetworkManager role — core | 7.2 | High | 2026-03-27 |

Vulnerabilities classified as CWE-269 (Improper Privilege Management) represent 992 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.