CWE-266: CWE-266

This vulnerability allows attackers to escalate privileges in WooCommerce Wholesale Suite, potentially granting unauthorized administrative access. It...

This CVE describes an improper authorization vulnerability in the Tutorials-Website Employee Management System's HTTP Request Handler component. Attac...

This CVE describes an improper authorization vulnerability in Shenzhen Sixun Business Management System versions 7 and 11. Attackers can remotely expl...

This critical vulnerability in Vaelsys 4.1.0 allows remote attackers to create unauthorized user accounts via the /grid/vgrid_server.php endpoint due ...

This critical vulnerability in the jack0240 bskms 蓝天幼儿园管理系统 (Blue Sky Kindergarten Management System) allows unauthorized attackers ...

This vulnerability allows attackers to escalate privileges in the Contempo Themes Real Estate 7 WordPress theme. Attackers can gain higher-level acces...

This critical vulnerability in ScriptAndTools Online-Travling-System 1.0 allows attackers to bypass access controls on the /admin/addpackage.php file,...

This CVE describes an improper authorization vulnerability in the ruoyi-ai software up to version 2.0.1. Attackers can remotely exploit this flaw to a...

A critical vulnerability in D-Link DIR-823G routers allows remote attackers to bypass authorization controls via manipulation of the SOAPAction parame...

This critical vulnerability in D-Link DIR-823G routers allows attackers to bypass authorization controls and manipulate DDNS settings remotely via the...

This CVE describes an improper authorization vulnerability in the springboot-openai-chatgpt project's user submission API endpoint. Attackers can remo...

This critical vulnerability in SourceCodester Best Employee Management System 1.0 allows attackers to bypass access controls on the administrative end...

This CVE describes an incorrect privilege assignment vulnerability in Fortinet FortiAnalyzer, FortiManager, and FortiAnalyzer Cloud products. Attacker...

This vulnerability in Fanli2012 native-php-cms 1.0 allows attackers to bypass authorization controls in the backend administration component. Attacker...

This critical vulnerability in wander-chu SpringBoot-Blog 1.0 allows remote attackers to bypass access controls via improper handling of HTTP POST req...

CVE-2024-13189 is a critical permission vulnerability in ZeroWdd myblog 1.0 that allows remote attackers to bypass authorization controls. The vulnera...

This critical vulnerability in D-Link DIR-823G routers allows unauthorized attackers to remotely modify critical system settings through the web manag...

This vulnerability allows attackers to escalate privileges in WordPress sites using the PostX (ultimate-post) plugin. Attackers can gain administrativ...

This vulnerability allows attackers to escalate privileges in the Custom Fields Account Registration For Woocommerce WordPress plugin. Attackers can g...

This vulnerability in the Harmonix on AWS framework allows IAM principals within the same AWS account to assume an administrative role due to an overl...

OpenBao versions before 2.4.4 contain a privilege escalation vulnerability where privileged operators without policy access can add root policies to i...

This vulnerability allows attackers to escalate privileges in the Kadence WooCommerce Email Designer WordPress plugin. Attackers can gain administrati...

A privilege escalation vulnerability in FortiOS Security Fabric allows remote authenticated attackers with high privileges to gain super-admin access ...

A privileged Vault operator with write permissions to the root namespace's identity endpoint can escalate token privileges to Vault's root policy, gra...

This vulnerability allows a Vault operator with write permissions to the root namespace's identity endpoint to escalate their own or another user's pr...

This vulnerability in TRENDnet TV-IP110WN IP cameras allows local attackers to bypass intended privilege restrictions through manipulation of the boa....

This vulnerability allows attackers with access to containers using nmstate/kubernetes-nmstate-handler to modify the /etc/passwd file and escalate pri...

This vulnerability allows attackers with access to a container mounting /etc/kubernetes or local node access to copy the kubeconfig file and potential...

This vulnerability allows an attacker with access to a container running the vulnerable operator-framework/presto component in Red Hat OpenShift 4 to ...

This vulnerability in SAPCAR allows authenticated attackers with high privileges to create malicious SAR archives that bypass signature validation. Th...

Attackers can craft malicious JSON Web Tokens (JWTs) to escalate privileges on the ABUP Cloud Update Platform. Successful exploitation allows unauthor...

Dell PowerProtect Data Domain has a local privilege escalation vulnerability where authenticated low-privileged users can execute unauthorized command...

Dell PowerScale OneFS contains an incorrect privilege assignment vulnerability that allows local low-privileged attackers to elevate their privileges....

Dell SupportAssist for Business PCs versions 4.5.3 and earlier contain an incorrect privilege assignment vulnerability (CWE-266). A local attacker wit...

This vulnerability allows a low-privileged local attacker to gain elevated privileges through the Dell SupportAssist installer. It affects users runni...

This vulnerability allows attackers to escalate privileges on Fortinet FortiManager and FortiAnalyzer systems by executing specific shell commands. Af...

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A local high-privileged attacker could...

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A high-privileged attacker with local ...

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability that allows a local high-privileged atta...

This vulnerability allows unauthorized deletion of user accounts in the Rongzhitong Visual Integrated Command and Dispatch Platform due to improper ac...

A privilege escalation vulnerability in TIM Solution GmbH's TIM BPM Suite and TIM FLOW allows remote attackers to gain elevated privileges through spe...

This vulnerability in SourceCodester Online Student Clearance System 1.0 allows attackers to bypass authorization controls and delete fee records with...

This vulnerability in RISC-V Rocket-Chip allows privilege escalation by failing to properly downgrade from Machine-mode to Supervisor-mode when execut...

This CVE describes a local privilege escalation vulnerability in Sublime Text 4 where authenticated users with low-level privileges could potentially ...

A privilege escalation vulnerability in Unifiedtransform v2.0 allows remote attackers to gain elevated privileges through the /course/edit/{id} endpoi...

This vulnerability allows a PAM (Privileged Access Management) user in Devolutions Server to perform JIT (Just-In-Time) privilege requests on groups t...

A privilege escalation vulnerability in Quay container registry allows users or robots to gain administrative permissions on newly created repositorie...

This vulnerability allows attackers to bypass authorization controls in Tutorials-Website Employee Management System 1.0 by manipulating the ID parame...

This CVE describes an improper access control vulnerability in the mingyuefusu library management system's backend admin component. Attackers can remo...

GMOD Apollo lacks proper access controls when updating user information, allowing attackers to escalate privileges for themselves or other users. This...