Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-269 (特权管理不恰当) — Vulnerability Class 992

992 vulnerabilities classified as CWE-269 (特权管理不恰当). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-1566 LatePoint <= 5.2.7 - Authenticated (Agent+) Privilege Escalation — LatePoint – Calendar Booking Plugin for Appointments and Events 8.8 High2026-03-02
CVE-2025-12981 Listee <= 1.1.6 - Unauthenticated Privilege Escalation — Listee 9.8 Critical2026-02-27
CVE-2026-27899 WireGuard Portal Vulnerable to Privilege Escalation to Admin via User Self-Update — wg-portal 8.8 High2026-02-26
CVE-2026-22721 VMware Aria Operations privilege escalation vulnerability — VMware Aria Operations 6.2 Medium2026-02-25
CVE-2025-40538 SolarWinds Serv-U Broken Access Control Remote Code Execution Vulnerability — Serv-U 9.1 Critical2026-02-24
CVE-2026-27198 Formwork Improperly Manages Privileges During User Creation — formwork 8.8 High2026-02-21
CVE-2025-15561 Local Privilege Escalation in NesterSoft WorkTime — WorkTime (on-prem/cloud) 7.8AIHighAI2026-02-19
CVE-2026-1994 s2Member <= 260127 - Unauthenticated Privilege Escalation via Account Takeover — s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions 9.8 Critical2026-02-19
CVE-2025-13851 Buyent Theme (with Buyent Classified Plugin) <= 1.0.7 - Unauthenticated Privilege Escalation via User Registration — Buyent 9.8 Critical2026-02-19
CVE-2025-13563 Lizza LMS Pro <= 1.0.3 - Unauthenticated Privilege Escalation — Lizza LMS Pro 9.8 Critical2026-02-19
CVE-2026-0912 Toret Manager <= 1.2.7 - Authenticated (Subscriber+) Arbitrary Options Update via AJAX actions — Toret Manager 8.8 High2026-02-19
CVE-2025-12882 Clasifico Listing <= 2.0 - Unauthenticated Privilege Escalation — Clasifico Listing 9.8 Critical2026-02-19
CVE-2026-2563 JingDong JD Cloud Box AX6600 jdcapp_rpc controlDevice get_status privileges management — JD Cloud Box AX6600 6.3 Medium2026-02-16
CVE-2026-2562 JingDong JD Cloud Box AX6600 jdcweb_rpc jdcapi cast_streen privileges management — JD Cloud Box AX6600 6.3 Medium2026-02-16
CVE-2026-2561 JingDong JD Cloud Box AX6600 jdcweb_rpc jdcapi web_get_ddns_uptime privileges management — JD Cloud Box AX6600 6.3 Medium2026-02-16
CVE-2026-26369 JUNG eNet SMART HOME server 2.2.1/2.3.1 Privilege Escalation via setUserGroup — eNet SMART HOME server 9.8 Critical2026-02-15
CVE-2026-1750 Ecwid by Lightspeed Ecommerce Shopping Cart <= 7.0.7 - Authenticated (Subscriber+) Privilege Escalation via ec_store_admin_access — Ecwid by Lightspeed Ecommerce Shopping Cart 8.8 High2026-02-15
CVE-2025-8572 Truelysell Core <= 1.8.7 - Unauthenticated Privilege Escalation via Registration — Truelysell Core 9.8 Critical2026-02-14
CVE-2026-2144 Magic Login Mail or QR Code <= 2.05 - Unauthenticated Privilege Escalation via Insecure QR Code File Storage — Magic Login Mail or QR Code 8.1 High2026-02-14
CVE-2026-24894 FrankenPHP leaks session data between requests in worker mode — frankenphp 5.9AIMediumAI2026-02-12
CVE-2026-26010 Leaky JWTs in OpenMetadata exposing highly-privileged bot users — OpenMetadata 8.1AIHighAI2026-02-11
CVE-2025-64487 Outline is vulnerable to privilege escalation vulnerability in document sharing — outline 7.6 High2026-02-11
CVE-2026-21533 Windows Remote Desktop Services Elevation of Privilege Vulnerability — Windows 10 Version 1607 7.8 High2026-02-10
CVE-2025-15100 JAY Login & Register <= 2.6.03 - Authenticated (Subscriber+) Privilege Escalation via jay_panel_ajax_update_profile — JAY Login & Register 8.8 High2026-02-08
CVE-2025-15027 JAY Login & Register <= 2.6.03 - Unauthenticated Privilege Escalation via jay_login_register_ajax_create_final_user — JAY Login & Register 9.8 Critical2026-02-08
CVE-2025-6723 Untrusted user data can lead to privilege escalation — Chef Inspec 7.8AIHighAI2026-01-30
CVE-2025-13176 Local privilege escalation in ESET Inspect Connector for Windows — ESET Inspect Connector 7.8AIHighAI2026-01-30
CVE-2026-23896 immich API Key Privilege Escalation vulnerability — immich 7.2 High2026-01-29
CVE-2025-13918 Elevation of Privileges in Symantec Endpoint Protection Windows Client — Symantec Endpoint Protection Windows Client 6.7 Medium2026-01-28
CVE-2025-13917 Elevation of Privileges in Web Security Services (WSS) Agent — Symantec Web Security Services Agent 7.0 High2026-01-28

Vulnerabilities classified as CWE-269 (特权管理不恰当) represent 992 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.