CWE-266
897 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-266page 5 of 18
- CVE-2024-37927CRITICALCVSS 9.8EG 9.82024-07-12
Incorrect Privilege Assignment vulnerability in NooTheme Jobmonster noo-jobmonster allows Privilege Escalation.This issue affects Jobmonster: from n/a through <= 4.7.5.
- CVE-2024-38278MEDIUMCVSS 6.6EG 6.62024-07-09
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.9.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.9.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), R…
- CVE-2024-39576HIGHCVSS 8.8EG 8.82024-08-22
Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevatio…
- CVE-2024-39579MEDIUMCVSS 6.7EG 6.72024-08-31
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.
- CVE-2024-40433HIGHCVSS 8.8EG 8.82024-07-26
Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows an attacker to escalate privileges via the web-view component.
- CVE-2024-40591HIGHCVSS 8.8EG 8.82025-02-11
An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access profile has the Security Fabric permission t…
- CVE-2024-40681HIGHCVSS 7.5EG 7.52024-09-07
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.
- CVE-2024-41139HIGHCVSS 7.8EG 7.82024-07-29
Incorrect privilege assignment vulnerability exists in SKYSEA Client View Ver.6.010.06 to Ver.19.210.04e. If a user who can log in to the PC where the product's Windows client is installed places a specially crafted DLL file in a specific …
- CVE-2024-42441MEDIUMCVSS 6.2EG 6.22024-08-14
Incorrect privilege assignment in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local a…
- CVE-2024-43153CRITICALCVSS 9.8EG 9.82024-08-13
Incorrect Privilege Assignment vulnerability in WofficeIO Woffice woffice.This issue affects Woffice: from n/a through <= 5.4.10.
- CVE-2024-43333HIGHCVSS 7.5EG 7.52025-02-03
Incorrect Privilege Assignment vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.2.1.
- CVE-2024-45187HIGHCVSS 7.1EG 7.12024-08-23
Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal server
- CVE-2024-45331HIGHCVSS 7.3EG 7.32025-01-16
A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13,…
- CVE-2024-4555HIGHCVSS 7.7EG 7.72024-08-28
Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1
- CVE-2024-45759MEDIUMCVSS 6.8EG 6.82024-11-08
Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to unaut…
- CVE-2024-46511HIGHCVSS 7.5EG 7.52024-09-30
LoadZilla LLC LoadLogic v1.4.3 was discovered to contain insecure permissions vulnerability which allows a remote attacker to execute arbitrary code via the LogicLoadEc2DeployLambda and CredsGenFunction function.
- CVE-2024-46540MEDIUMCVSS 6.3EG 6.32024-09-30
A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract fucntions to upload webshells to the target server, thereby obtaining …
- CVE-2024-46974HIGHCVSS 7.8EG 7.82025-01-31
Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers.
- CVE-2024-47595MEDIUMCVSS 6.3EG 6.32024-11-12
An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application.
- CVE-2024-47653MEDIUMCVSS 6.5EG 6.52024-10-04
This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could exploit this vulnerability by placing or can…
- CVE-2024-47904HIGHCVSS 7.8EG 7.82024-10-23
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The…
- CVE-2024-4870HIGHCVSS 7.2EG 7.22024-06-04
The Frontend Registration – Contact Form 7 plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1 due to insufficient restriction on the '_cf7frr_' post meta. This makes it possible for authentic…
- CVE-2024-48941MEDIUMCVSS 5.4EG 5.42024-10-10
The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest i…
- CVE-2024-49217CRITICALCVSS 9.8EG 9.82024-10-17
Incorrect Privilege Assignment vulnerability in madiriaashish Adding drop down roles in registration user-drop-down-roles-in-registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a throu…
- CVE-2024-49219HIGHCVSS 8.8EG 8.82024-10-17
Incorrect Privilege Assignment vulnerability in themexpo RS-Members rs-members allows Privilege Escalation.This issue affects RS-Members: from n/a through <= 1.0.3.
- CVE-2024-49322CRITICALCVSS 9.8EG 9.82024-10-17
Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress jemployee allows Privilege Escalation.This issue affects Job Board Manager for WordPress: from n/a through <= 1.0.
- CVE-2024-49348MEDIUMCVSS 4.3EG 4.32025-02-05
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that…
- CVE-2024-49561HIGHCVSS 7.8EG 7.82025-03-17
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leadin…
- CVE-2024-49608HIGHCVSS 8.8EG 8.82024-10-20
Incorrect Privilege Assignment vulnerability in gerryworks GERRYWORKS Post by Mail gerryworks-post-by-mail allows Privilege Escalation.This issue affects GERRYWORKS Post by Mail: from n/a through <= 1.0.
- CVE-2024-49644HIGHCVSS 8.8EG 8.82025-01-07
Incorrect Privilege Assignment vulnerability in AllAccessible Accessibility by AllAccessible allaccessible allows Privilege Escalation.This issue affects Accessibility by AllAccessible: from n/a through <= 1.3.4.
- CVE-2024-49731MEDIUMCVSS 4.0EG 4.02025-09-04
In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. This could lead to local escalation of privilege with no additional execu…
- CVE-2024-50481HIGHCVSS 8.8EG 8.82024-10-29
Incorrect Privilege Assignment vulnerability in stackthemes Bstone Demo Importer bstone-demo-importer allows Privilege Escalation.This issue affects Bstone Demo Importer: from n/a through <= 1.0.1.
- CVE-2024-50485CRITICALCVSS 9.8EG 9.82024-10-29
Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix exam-matrix allows Privilege Escalation.This issue affects Exam Matrix: from n/a through <= 1.5.
- CVE-2024-50504HIGHCVSS 8.8EG 8.82024-10-30
Incorrect Privilege Assignment vulnerability in webxmedia Bulk Change Role bulk-role-change allows Privilege Escalation.This issue affects Bulk Change Role: from n/a through <= 1.1.
- CVE-2024-50506HIGHCVSS 8.8EG 8.82024-10-30
Incorrect Privilege Assignment vulnerability in azexo Marketing Automation by AZEXO marketing-automation-by-azexo allows Privilege Escalation.This issue affects Marketing Automation by AZEXO: from n/a through <= 1.27.80.
- CVE-2024-50550HIGHCVSS 8.1EG 8.12024-10-29
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through <= 6.5.1.
- CVE-2024-50701MEDIUMCVSS 4.3EG 4.32024-12-30
TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin.
- CVE-2024-50702MEDIUMCVSS 5.4EG 5.42024-12-30
TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager.
- CVE-2024-51800CRITICALCVSS 9.8EG 9.82025-04-04
Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation.This issue affects Homey: from n/a through 2.4.1.
- CVE-2024-51888CRITICALCVSS 9.8EG 9.82025-01-21
Incorrect Privilege Assignment vulnerability in favethemes Homey Login Register homey-login-register allows Privilege Escalation.This issue affects Homey Login Register: from n/a through <= 2.4.0.
- CVE-2024-52048HIGHCVSS 7.8EG 7.82024-12-31
A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. This vulnerability is similar to, but not identical to CVE-2024-52049. Please note: an attac…
- CVE-2024-52049HIGHCVSS 7.8EG 7.82024-12-31
A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. This vulnerability is similar to, but not identical to CVE-2024-52048. Please note: an attac…
- CVE-2024-52442CRITICALCVSS 9.8EG 9.82024-11-20
Incorrect Privilege Assignment vulnerability in userplus UserPlus userplus allows Privilege Escalation.This issue affects UserPlus: from n/a through <= 2.0.
- CVE-2024-54229CRITICALCVSS 9.8EG 9.82024-12-16
Incorrect Privilege Assignment vulnerability in straightvisions GmbH SV100 Companion sv100-companion allows Privilege Escalation.This issue affects SV100 Companion: from n/a through <= 2.0.02.
- CVE-2024-54293CRITICALCVSS 9.8EG 9.82024-12-13
Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite ce21-suite allows Privilege Escalation.This issue affects CE21 Suite: from n/a through <= 2.2.0.
- CVE-2024-54363CRITICALCVSS 9.8EG 9.82024-12-16
Incorrect Privilege Assignment vulnerability in saiful.total Wp NssUser Register wp-nssuser-register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through <= 1.0.0.
- CVE-2024-54365HIGHCVSS 8.8EG 8.82024-12-16
Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through <= 1.0.0.
- CVE-2024-54383CRITICALCVSS 9.8EG 9.82024-12-18
Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers woocommerce-pdf-vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a through < 4.9.9.
- CVE-2024-55542MEDIUMCVSS 4.4EG 4.42025-01-02
Local privilege escalation due to excessive permissions assigned to Tray Monitor service. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169, Acronis Cyber Protect Cloud Agent (Linux, m…
- CVE-2024-55570MEDIUMCVSS 5.4EG 5.42025-03-03
/api/user/users in the web GUI for the Cubro EXA48200 network packet broker (build 20231025055018) fixed in V5.0R14.5P4-V3.3R1 allows remote authenticated users of the application to increase their privileges by sending a single HTTP PUT r…
Map vulnerabilities like CWE-266 to your infrastructure
EchelonGraph correlates every CVE — across CWE-266 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →