CWE-269 (Improper Privilege Management) — Vulnerability Class (992 CVEs)

992 vulnerabilities classified as CWE-269 (Improper Privilege Management). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-22039 | Kyverno Cross-Namespace Privilege Escalation via Policy apiCall — kyverno | 10.0 | Critical | 2026-01-27 |
| CVE-2025-59094 | Local Privilege Escalation in dormakaba Kaba exos 9300 System management — Kaba exos 9300 | 7.8 AI | High AI | 2026-01-26 |
| CVE-2026-0920 | LA-Studio Element Kit for Elementor <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter — LA-Studio Element Kit for Elementor | 9.8 | Critical | 2026-01-22 |
| CVE-2026-23990 | Flux Operator Web UI Impersonation Bypass via Empty OIDC Claims — flux-operator | 5.3 | Medium | 2026-01-21 |
| CVE-2025-14533 | Advanced Custom Fields: Extended <= 0.9.2.1 - Unauthenticated Privilege Escalation via Insert User Form Action — Advanced Custom Fields: Extended | 9.8 | Critical | 2026-01-20 |
| CVE-2025-15403 | RegistrationMagic <= 6.0.7.1 - Unauthenticated Privilege Escalation via admin_order — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | 9.8 | Critical | 2026-01-17 |
| CVE-2026-21223 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability — Microsoft Edge (Chromium-based) | 7.1 | High | 2026-01-16 |
| CVE-2026-23477 | Rocket.Chat Unauthorized Access to OAuth App Details — Rocket.Chat | 7.7 | High | 2026-01-14 |
| CVE-2025-36640 | Local Privilege Escalation — Nessus Agent | 8.8 | High | 2026-01-13 |
| CVE-2026-22804 | Termix has a Stored XSS in File Manager leading to Local File Inclusion (LFI) in Electron and Session Hijacking in Browser — Termix | 8.0 | High | 2026-01-12 |
| CVE-2025-14736 | Frontend Admin by DynamiApps <= 3.28.29 - Unauthenticated Privilege Escalation to Administrator via Role Form Field — Frontend Admin by DynamiApps | 9.8 | Critical | 2026-01-09 |
| CVE-2025-66315 | ZTE MF258K Pro Version Server has a Configuration Defect Vulnerability — MF258K | 4.3 | Medium | 2026-01-09 |
| CVE-2026-22043 | RustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account Minting — rustfs | 8.8 | - | 2026-01-08 |
| CVE-2026-22536 | PRIVILEGE ESCALATION VIA SUDO COMMAND — QC 60/90/120 | 7.8 | - | 2026-01-07 |
| CVE-2025-47411 | Apache StreamPipes: Leverage of User ID for Privilege Escalation — Apache StreamPipes | 8.8 | - | 2026-01-01 |
| CVE-2025-69257 | theshit vulnerable to unsafe loading of user-owned Python rules when running as root. — theshit | 6.7 | Medium | 2025-12-30 |
| CVE-2025-68697 | Self-hosted n8n has Legacy Code node that enables arbitrary file read/write — n8n | 7.1 | High | 2025-12-26 |
| CVE-2025-52599 | Inadequate account permissions management — QNV-C8012 | 8.1 | - | 2025-12-26 |
| CVE-2025-57840 | Privilege Bypass in ADB — Magic OS | 2.2 | Low | 2025-12-24 |
| CVE-2025-13619 | Flex Store Users <= 1.1.0 - Unauthenticated Privilege Escalation — Flex Store Users | 9.8 | Critical | 2025-12-20 |
| CVE-2025-58053 | Galette has a privilege escalation vulnerability — galette | 8.8 AI | High AI | 2025-12-19 |
| CVE-2023-53908 | HiSecOS 04.0.01 Privilege Escalation via User Role Modification — HiSecOS | 8.8 | High | 2025-12-17 |
| CVE-2025-13764 | WP CarDealer <= 1.2.16 - Unauthenticated Privilege Escalation — WP CarDealer | 9.8 | Critical | 2025-12-11 |
| CVE-2025-12952 | Privilege Escalation in Dialogflow CX via Webhook Admin Role — Dialogflow CX | 8.8 AI | High AI | 2025-12-10 |
| CVE-2025-12381 | Privilege Escalation via Misconfigured Sudoers Entry for Local Users in AlgoSec Firewall Analyzer — Firewall Analyzer | 7.8 AI | High AI | 2025-12-09 |
| CVE-2025-66324 | Huawei HarmonyOS Security Vulnerability — HarmonyOS | 8.4 | High | 2025-12-08 |
| CVE-2025-13292 | Improper access control in Google Cloud Apigee-X allows cross-tenant Analytics modification and log data access. — Apigee-X | 9.1 | - | 2025-12-06 |
| CVE-2025-7044 | Privilege Escalation in MAAS via Websocket Request Manipulation — MAAS | 7.7 | High | 2025-12-03 |
| CVE-2025-13542 | DesignThemes LMS <= 1.0.4 - Unauthenticated Privilege Escalation — DesignThemes LMS | 9.8 | Critical | 2025-12-02 |
| CVE-2025-13534 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.2 - Authenticated (Contributor+) Privilege Escalation via eh_crm_edit_agent AJAX Action — ELEX WordPress HelpDesk & Customer Ticketing System | 6.3 | Medium | 2025-12-02 |

Vulnerabilities classified as CWE-269 (Improper Privilege Management) represent 992 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.