CWE-269 (Improper Privilege Management) — Vulnerability Class 990

990 vulnerabilities classified as CWE-269 (Improper Privilege Management). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4824 | Enter Software Iperius Backup Backup Job Configuration File privileges management — Iperius Backup | 7.0 | High | 2026-03-25 |
| CVE-2026-33509 | pyload-ng: SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration — pyload | 7.5 | High | 2026-03-24 |
| CVE-2026-29111 | systemd: Local unprivileged user can trigger an assert — systemd | 5.5 | Medium | 2026-03-23 |
| CVE-2026-4314 | The Ultimate WordPress Toolkit – WP Extended <= 3.2.4 - Authenticated (Subscriber+) Privilege Escalation via Menu Editor Module — The Ultimate WordPress Toolkit – WP Extended | 8.8 | High | 2026-03-22 |
| CVE-2026-3629 | Import and export users and customers <= 1.29.7 - Privilege Escalation to Administrator via save_extra_user_profile_fields — Import and export users and customers | 8.1 | High | 2026-03-21 |
| CVE-2026-2375 | App Builder – Create Native Android & iOS Apps On The Flight <= 5.5.10 - Unauthenticated Privilege Escalation via 'role' Parameter — App Builder – Create Native Android & iOS Apps On The Flight | 6.5 | Medium | 2026-03-21 |
| CVE-2026-30888 | Discourse has moderator privilege escalation via arbitrary post_id in suspend/silence endpoint — discourse | 2.2 | Low | 2026-03-20 |
| CVE-2026-32760 | File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin — filebrowser | 9.8 | - | 2026-03-19 |
| CVE-2026-2640 | Lenovo PC Manager security vulnerability — PC Manager | 5.5 | Medium | 2026-03-11 |
| CVE-2026-32106 | StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts — studiocms | 4.7 | Medium | 2026-03-11 |
| CVE-2026-24510 | Dell Alienware Command Center security vulnerability — Alienware Command Center (AWCC) | 6.7 | Medium | 2026-03-11 |
| CVE-2026-31852 | Jellyfin Possible Organization/Secret Compromise from dangerous CI implementation — code-quality.yml | 10.0 | Critical | 2026-03-11 |
| CVE-2026-30902 | Zoom Clients for Windows - Improper Privilege Management — Zoom Workplace | 7.8 | High | 2026-03-11 |
| CVE-2026-1993 | ExactMetrics 7.1.0 - 9.0.2 - Authenticated (Custom) Improper Privilege Management to Role Privilege Escalation via Settings Update — ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | 8.8 | High | 2026-03-11 |
| CVE-2026-31834 | Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks — Umbraco-CMS | 7.2 | High | 2026-03-10 |
| CVE-2025-15576 | Jail chroot escape via fd exchange with a different jail — FreeBSD | 5.5 (AI) | Medium (AI) | 2026-03-09 |
| CVE-2025-15547 | Jail escape by a privileged user via nullfs — FreeBSD | 6.7 (AI) | Medium (AI) | 2026-03-09 |
| CVE-2025-8899 | Paid Videochat Turnkey Site – HTML5 PPV Live Webcams <= 7.3.20 - Authenticated (Author+) Privilege Escalation — Paid Videochat Turnkey Site – HTML5 PPV Live Webcams | 8.8 | High | 2026-03-07 |
| CVE-2026-28548 | Huawei HarmonyOS security vulnerability — HarmonyOS | 7.1 | High | 2026-03-05 |
| CVE-2026-29127 | Incorrect Permission Assignment(777) on `monitor` Users Home Directory Containing SUID Root Binaries in IDC SFX2100 — SFX2100 Satellite Receiver | 7.8 | - | 2026-03-05 |
| CVE-2026-29124 | Multiple SUID Root Binaries in `monitor` User Home Directory Leading to Potential Local Privilege Escalation — SFX2100 Satellite Receiver | 7.8 | - | 2026-03-05 |
| CVE-2026-29123 | Multiple SUID Root Binaries in `xd` User Home Directory Leading to Potential Local Privilege Escalation — SFX2100 Satellite Receiver | 7.8 | - | 2026-03-05 |
| CVE-2026-29122 | `/bin/date` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE — SFX2100 Satellite Receiver | 7.1 | - | 2026-03-05 |
| CVE-2026-29121 | `/sbin/ip` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE — SFX2100 Satellite Receiver | 7.8 | - | 2026-03-05 |
| CVE-2026-27803 | Vaultwarden: Collection Management Operations Allowed Without `manage` Verification for Manager Role — vaultwarden | 8.3 | High | 2026-03-04 |
| CVE-2026-27802 | Vaultwarden: Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager — vaultwarden | 8.3 | High | 2026-03-04 |
| CVE-2026-20044 | Cisco Secure Firewall Management Center Command Injection Vulnerability — Cisco Secure Firewall Management Center (FMC) | 6.0 | Medium | 2026-03-04 |
| CVE-2026-1492 | User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 9.8 | Critical | 2026-03-03 |
| CVE-2026-1566 | LatePoint <= 5.2.7 - Authenticated (Agent+) Privilege Escalation — LatePoint – Calendar Booking Plugin for Appointments and Events | 8.8 | High | 2026-03-02 |
| CVE-2025-12981 | Listee <= 1.1.6 - Unauthenticated Privilege Escalation — Listee | 9.8 | Critical | 2026-02-27 |

Vulnerabilities classified as CWE-269 (Improper Privilege Management) represent 990 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.