CWE-266
Yearly Trend and Top Affected Vendors (chart data not included on this page)
All CWE-266 CVEs (418)
Dec 30, 2024: TeamPass versions before 3.1.3.1 contain an authorization bypass vulnerability where users can access folder information without proper permission che...
Nov 11, 2024: This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in SourceCodester Hospital Management System 1.0. Attackers can remotely d...
Feb 6, 2026: This CVE describes an improper authorization vulnerability in Sanluan PublicCMS's trade payment handler. Attackers can manipulate payment IDs to bypas...
Feb 3, 2025: This vulnerability in CyberArk's Password Vault Web Access (PVWA) allows potential privilege escalation through LDAP mapping misconfiguration. It affe...
Nov 14, 2024: This PostgreSQL vulnerability allows a less-privileged application user to view or modify unintended database rows when the application uses SET ROLE ...
Sep 4, 2025: This vulnerability allows telemetry opt-in settings corruption on other Pixel Watches when setting up a new watch, potentially enabling local privileg...
Sep 4, 2025: This vulnerability allows an Android app to launch the ChooserActivity in another user profile without proper authorization due to improper input vali...
Sep 4, 2025: This CVE describes a tapjacking/overlay vulnerability in Android's biometric authentication system that allows attackers to overlay legitimate biometr...
Sep 4, 2025: This CVE describes a permission squatting vulnerability in Android's RoleService that allows local privilege escalation on affected versions. It affec...
Dec 28, 2025: This CVE describes an improper authorization vulnerability in JeecgBoot's getPositionUserList function. Attackers can manipulate the positionId parame...
Dec 28, 2025: This vulnerability in JeecgBoot allows attackers to bypass authorization checks by manipulating the departId parameter in the /sys/sysDepartPermission...
Dec 28, 2025: This CVE describes an improper authorization vulnerability in JeecgBoot's queryDepartPermission function. Attackers can manipulate the departId parame...
Dec 28, 2025: JeecgBoot up to version 3.9.0 contains an improper authorization vulnerability in the /sys/sysDepartPermission/datarule/ endpoint. This allows remote ...
Dec 28, 2025: This CVE describes an improper authorization vulnerability in JeecgBoot's loadDatarule function that allows attackers to manipulate departId/roleId pa...
Dec 28, 2025: This CVE describes an improper authorization vulnerability in JeecgBoot's getDeptRoleList function. Attackers can manipulate the departId parameter to...
Dec 28, 2025: This vulnerability in JeecgBoot allows attackers to bypass authorization checks by manipulating the deptId parameter in the /sys/sysDepartRole/list en...
Dec 25, 2025: This vulnerability in youlaitech youlai-mall allows attackers to bypass access controls in the order payment function, potentially manipulating paymen...
Feb 2, 2026: This vulnerability allows Keycloak administrators with limited privileges to access sensitive custom user attributes that should be hidden by User Pro...
About CWE-266
Our database tracks 418 CVEs classified as CWE-266, with 48 rated critical and 131 rated high severity. The average CVSS score for CWE-266 vulnerabilities is 6.7.
External reference: View CWE-266 on MITRE CWE