CWE-269 (Improper Privilege Management) — Vulnerability Class 990

990 vulnerabilities classified as CWE-269 (Improper Privilege Management). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-20282 | Cisco ISE API Unauthenticated Remote Code Execution Vulnerability — Cisco Identity Services Engine Software | 10.0 | Critical | 2025-06-25 |
| CVE-2025-39202 | Hitachi MicroSCADA X SYS600 security vulnerability — MicroSCADA X SYS600 | 7.3 | High | 2025-06-24 |
| CVE-2025-49157 | Trend Micro Apex One Damage Cleanup Engine security vulnerability — Trend Micro Apex One | 7.8 | High | 2025-06-17 |
| CVE-2025-49156 | Trend Micro Apex One security vulnerability — Trend Micro Apex One | 7.0 | High | 2025-06-17 |
| CVE-2025-0320 | Citrix Secure Access - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges — Secure Access Client for Windows | 7.8 (AI) | High (AI) | 2025-06-17 |
| CVE-2025-4879 | Citrix Workspace App for Windows - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges — Workspace App for Windows | 7.8 (AI) | High (AI) | 2025-06-17 |
| CVE-2025-36631 | Local Privilege Escalation — Agent | 8.4 | High | 2025-06-13 |
| CVE-2025-36633 | Local Privilege Escalation — Agent | 8.8 | High | 2025-06-13 |
| CVE-2025-5491 | Acer ControlCenter - Remote Code Execution — ControlCenter | 8.8 | High | 2025-06-13 |
| CVE-2025-4315 | CubeWP – All-in-One Dynamic Content Framework <= 1.1.23 - Authenticated (Subscriber+) Privilege Escalation — CubeWP Framework | 8.8 | High | 2025-06-11 |
| CVE-2025-22829 | Apache CloudStack: Unauthorised access to dedicated resources in Quota plugin — Apache CloudStack | 4.3 (AI) | Medium (AI) | 2025-06-10 |
| CVE-2025-47849 | Apache CloudStack: Insecure access of user's API/Secret Keys in the same domain — Apache CloudStack | 7.2 (AI) | High (AI) | 2025-06-10 |
| CVE-2025-47713 | Apache CloudStack: Domain Admin can reset Admin password in Root Domain — Apache CloudStack | 7.2 (AI) | High (AI) | 2025-06-10 |
| CVE-2025-47955 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability — Windows 10 Version 1507 | 7.8 | High | 2025-06-10 |
| CVE-2025-33067 | Windows Task Scheduler Elevation of Privilege Vulnerability — Windows 10 Version 1507 | 8.4 | High | 2025-06-10 |
| CVE-2025-22254 | Fortinet multiple products security vulnerability — FortiOS | 6.5 | Medium | 2025-06-10 |
| CVE-2024-41797 | Siemens multiple products security vulnerability — RUGGEDCOM RST2428P | 4.3 | Medium | 2025-06-10 |
| CVE-2025-4681 | upKeeper Instant Privilege Access security vulnerability — upKeeper Instant Privilege Access | 7.5 (AI) | High (AI) | 2025-06-10 |
| CVE-2025-4601 | RH - Real Estate WordPress Theme <= 4.4.0 - Authenticated (Subscriber+) Privilege Escalation — RH - Real Estate WordPress Theme | 8.8 | High | 2025-06-10 |
| CVE-2025-26396 | SolarWinds Dameware Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability — Dameware Mini Remote Control Service | 7.8 | High | 2025-06-02 |
| CVE-2025-0358 | AXIS OS security vulnerability — AXIS OS | 8.8 | High | 2025-06-02 |
| CVE-2025-4636 | Local Privilege Escalation — Airpointer | 7.8 | High | 2025-05-30 |
| CVE-2025-30475 | Dell PowerScale InsightIQ security vulnerability — PowerScale InsightIQ | 8.1 | High | 2025-05-15 |
| CVE-2025-27468 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability — Windows 10 Version 1507 | 7.0 | High | 2025-05-13 |
| CVE-2025-29976 | Microsoft SharePoint Server Elevation of Privilege Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 7.8 | High | 2025-05-13 |
| CVE-2025-0505 | On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state — CloudVision Portal | 10.0 | Critical | 2025-05-08 |
| CVE-2024-8100 | On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision. — CloudVision | 8.7 | High | 2025-05-08 |
| CVE-2025-3852 | WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover — WPshop 2 – E-Commerce | 8.8 | High | 2025-05-07 |
| CVE-2025-4335 | Woocommerce Multiple Addresses <= 1.0.7.1 - Authenticated (Subscriber+) Privilege Escalation — Woocommerce Multiple Addresses | 8.8 | High | 2025-05-07 |
| CVE-2025-47420 | User Permissions on Network API — Automate VX | 8.8 (AI) | High (AI) | 2025-05-06 |

Vulnerabilities classified as CWE-269 (Improper Privilege Management) represent 990 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.