CWE-269 (特权管理不恰当) — Vulnerability Class 990

990 vulnerabilities classified as CWE-269 (特权管理不恰当). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-3438	MStore API – Create Native Android & iOS Apps On The Cloud <= 4.17.4 - Unauthenticated Limited Privilege Escalation — MStore API – Create Native Android & iOS Apps On The Cloud	6.5	Medium	2025-05-02
CVE-2025-3224	Elevation of Privilege in Docker Desktop for Windows during Upgrade due to Insecure Directory Deletion — Docker Desktop	7.8^AI	High^AI	2025-04-28
CVE-2025-46576	ZTE GoldenDB Database product has a privilege escalation vulnerability — GoldenDB	5.4	Medium	2025-04-27
CVE-2025-2238	Vikinger <= 1.9.30 - Authenticated (Subscriber+) Privilege Escalation via 'vikinger_user_meta_update_ajax' — Vikinger	8.8	High	2025-04-25
CVE-2025-3101	Configurator Theme Core <= 1.4.7 - Authenticated (Subscriber+) Privilege Escalation — Configurator Theme Core	8.8	High	2025-04-24
CVE-2025-3761	My Tickets – Accessible Event Ticketing <= 2.0.16 - Authenticated (Subscriber+) Privilege Escalation — My Tickets – Accessible Event Ticketing	8.8	High	2025-04-24
CVE-2025-1732	Zyxel USG FLEX 安全漏洞 — USG FLEX H series uOS firmware	6.7	Medium	2025-04-22
CVE-2025-3278	UrbanGo Membership <= 1.0.4 - Unauthenticated Privilege Escalation — UrbanGo Membership	9.8	Critical	2025-04-19
CVE-2023-32197	Rancher's External RoleTemplates can lead to privilege escalation — rancher	6.6	Medium	2025-04-16
CVE-2024-22036	Rancher Remote Code Execution via Cluster/Node Drivers — rancher	9.1	Critical	2025-04-16
CVE-2025-3418	WPC Admin Columns 2.0.6 - 2.1.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update — WPC Admin Columns	8.8	High	2025-04-12
CVE-2025-29800	Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability — Microsoft AutoUpdate for Mac	7.8	High	2025-04-08
CVE-2025-29999	Siemens License Server 安全漏洞 — Siemens License Server (SLS)	6.7	Medium	2025-04-08
CVE-2025-2798	Woffice <= 5.4.21 - Authentication Bypass via Registration Role — Woffice CRM	9.8	Critical	2025-04-04
CVE-2025-3105	Vehica Core <= 1.0.97 - Authenticated (Subscriber+) Privilege Escalation — Vehica Core	8.8	High	2025-04-04
CVE-2025-31286	Trend Vision One 安全漏洞 — Trend Vision One	4.6	Medium	2025-04-02
CVE-2025-31285	Trend Vision One 安全漏洞 — Trend Vision One	4.6	Medium	2025-04-02
CVE-2025-31284	Trend Vision One 安全漏洞 — Trend Vision One	4.6	Medium	2025-04-02
CVE-2025-31283	Trend Vision One 安全漏洞 — Trend Vision One	4.6	Medium	2025-04-02
CVE-2025-31282	Trend Vision One 安全漏洞 — Trend Vision One	4.6	Medium	2025-04-02
CVE-2025-2237	WP RealEstate <= 1.6.26 - Unauthenticated Privilege Escalation via 'process_register' — WP RealEstate	9.8	Critical	2025-04-01
CVE-2025-0416	Valmet DNA Local privilege escalation through insecure DCOM configuration — Valmet DNA	7.8^AI	High^AI	2025-04-01
CVE-2025-2858	Privilege escalation vulnerability in saTECH BCU — saTECH BCU	7.8	-	2025-03-28
CVE-2022-1804	Accountsservice incorrectly drops privileges — Linux	5.5	Medium	2025-03-25
CVE-2025-29924	XWiki uses the wrong wiki reference in AuthorizationManager — xwiki-platform	6.5	-	2025-03-19
CVE-2025-2324	A MOVEit Transfer user configured as a Shared Account can gain unintended List permissions on a folder — MOVEit Transfer	5.9	Medium	2025-03-19
CVE-2024-48828	Dell SmartFabric OS10 安全漏洞 — SmartFabric OS10 Software	5.5	Medium	2025-03-17
CVE-2025-2232	Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user' — Realteo	9.8	Critical	2025-03-14
CVE-2024-13376	Industrial <= 1.7.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update — Industrial	8.8	High	2025-03-14
CVE-2025-21199	Azure Agent Installer for Backup and Site Recovery Elevation of Privilege Vulnerability — Azure Agent for Backup	6.7	Medium	2025-03-11

Vulnerabilities classified as CWE-269 (特权管理不恰当) represent 990 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-269 (特权管理不恰当) — Vulnerability Class 990