CWE-266: CWE-266

This vulnerability allows attackers to escalate privileges in Modular DS modular-connector WordPress plugin. Attackers can gain higher-level permissio...

This critical vulnerability in Modular DS allows attackers to escalate privileges due to incorrect privilege assignment. It affects all versions up to...

A critical vulnerability in Grafana's SCIM provisioning allows malicious SCIM clients to provision users with numeric external IDs, potentially overri...

This critical vulnerability allows attackers to bypass security controls and access the host filesystem, enabling unauthorized reading and modificatio...

This vulnerability allows remote authenticated attackers to obtain administrative tokens via a GraphQL mutation in the Restaurant Brands International...

A privilege escalation vulnerability in Red Hat OpenShift AI Service allows authenticated low-privileged users (like data scientists using Jupyter not...

This vulnerability allows authenticated SnapCenter Server users to escalate privileges to admin level on remote systems where SnapCenter plug-ins are ...

This vulnerability allows attackers to escalate privileges in LazyTasks project management software, potentially gaining administrative access. It aff...

CVE-2025-64188 is an incorrect privilege assignment vulnerability in the Soledad WordPress theme that allows attackers to escalate privileges. This af...

This vulnerability allows attackers to escalate privileges in WordPress sites using the King Addons for Elementor plugin. Attackers can gain administr...

This vulnerability allows attackers to gain higher privileges than intended in the Selling Commander for WooCommerce plugin. Attackers can escalate fr...

This vulnerability allows attackers to escalate privileges in the Atarim Visual Collaboration WordPress plugin, potentially gaining administrative acc...

This vulnerability allows attackers to escalate privileges in the CouponXxL WordPress theme due to incorrect privilege assignment. Attackers can gain ...

CVE-2024-32444 is an incorrect privilege assignment vulnerability in the RealHomes WordPress theme that allows attackers to escalate privileges, poten...

This vulnerability in TOTOLink routers allows attackers to bypass FTP directory restrictions due to misconfigured vsftpd settings. Attackers can acces...

This vulnerability allows attackers to escalate privileges in The E-Commerce ERP WordPress plugin, potentially gaining administrative access. It affec...

CVE-2025-49867 is an incorrect privilege assignment vulnerability in the RealHomes WordPress theme that allows attackers to escalate privileges to adm...

This vulnerability allows attackers to escalate privileges in the Service Finder Booking WordPress plugin, potentially gaining administrative access. ...

This vulnerability allows attackers to escalate privileges in WordPress sites using the Spreadsheet Price Changer plugin. Attackers can gain administr...

This vulnerability allows attackers to escalate privileges in the Themewinter Eventin WordPress plugin, potentially gaining administrative access. It ...

CVE-2025-39489 is an incorrect privilege assignment vulnerability in the CouponXL WordPress theme that allows attackers to escalate privileges to admi...

This vulnerability allows attackers to escalate privileges in the Simple Business Directory Pro WordPress plugin, potentially gaining administrative a...

This vulnerability allows attackers to escalate privileges in Brainstorm Force SureTriggers WordPress plugin, potentially gaining administrative acces...

NETSCOUT nGeniusONE before version 6.4.0 P11 b3245 has a weak sudo configuration that allows local users to escalate privileges. This affects organiza...

This vulnerability allows unauthenticated attackers to register WordPress accounts with arbitrary roles, including Administrator, when using social lo...

This vulnerability allows attackers to escalate privileges in Projectopia Projectopia, a WordPress project management plugin. Attackers can gain admin...

This vulnerability allows attackers to escalate privileges in Rankology SEO WordPress plugin, potentially gaining administrative access. It affects al...

This vulnerability allows attackers to escalate privileges in the Checkout Mestres WP WordPress plugin. Attackers can gain administrative access to Wo...

CVE-2024-51800 is an incorrect privilege assignment vulnerability in the Favethemes Homey WordPress theme that allows attackers to escalate privileges...

This critical vulnerability in IROAD dash cams allows remote attackers to bypass authorization controls, potentially accessing sensitive data or manip...

The DHVC Form WordPress plugin has a privilege escalation vulnerability that allows unauthenticated attackers to register as administrators. This affe...

CVE-2024-56000 is an incorrect privilege assignment vulnerability in SeventhQueen's K Elements WordPress plugin that allows unauthenticated attackers ...

The WP Job Board Pro WordPress plugin has a critical privilege escalation vulnerability that allows unauthenticated attackers to register as administr...

This vulnerability in the Real Estate 7 WordPress theme allows unauthenticated attackers to register new administrative user accounts due to improper ...

This vulnerability allows attackers to escalate privileges in the Easy Real Estate WordPress plugin due to incorrect privilege assignment. Attackers c...

The SakolaWP WordPress plugin allows unauthenticated attackers to register as administrative users due to improper role validation. This affects all W...

This vulnerability allows unauthenticated attackers to escalate privileges in VibeThemes VibeBP WordPress plugin, potentially gaining administrative a...

This vulnerability allows attackers to escalate privileges in Simple Dashboard WordPress plugin, potentially gaining administrative access. It affects...

This vulnerability allows attackers to escalate privileges in SSL Wireless SMS Notification WordPress plugin, enabling unauthorized users to gain admi...

This vulnerability allows attackers to gain elevated privileges in WooCommerce PDF Vouchers WordPress plugin due to incorrect privilege assignment. At...

This vulnerability allows attackers to escalate privileges in the Exam Matrix WordPress plugin due to incorrect privilege assignment. Attackers can ga...

This vulnerability in the WordPress 'Adding drop down roles in registration' plugin allows attackers to assign themselves administrative or other priv...

This vulnerability allows unauthenticated attackers to escalate privileges in the LiteSpeed Cache WordPress plugin. Attackers can gain administrative ...

This vulnerability allows remote attackers to gain full system access by uploading unvalidated container images to affected systems. It compromises bo...

This vulnerability allows authenticated namespace administrators in OpenShift GitOps to create ArgoCD Custom Resources that grant them elevated permis...

This vulnerability in Rocket Chip RISC-V processors allows unauthorized access to physical memory due to improper retention of the mstatus.SUM bit. It...

A privilege escalation vulnerability in SUSE Rancher allows Restricted Administrators to change passwords of full Administrators, enabling account tak...

CVE-2024-25660 allows low-privileged remote attackers to perform unauthorized file operations through the WebDAV service in Infinera TNMS due to exces...