Weaknesses of type CWE-266
960 results

CVE | Severity | Description | EPSS
CVE-2025-44655 | CRITICAL | In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthor | EPSS 0.3%
CVE-2025-10992 | MEDIUM | roncoo roncoo-pay lookupList improper authorization | EPSS 0.3%
CVE-2022-20855 | HIGH | Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privilege Escalation Vulnerability | EPSS 0.3%
CVE-2025-54735 | HIGH | WordPress CubeWP Framework Plugin <= 1.1.24 - Privilege Escalation Vulnerability | EPSS 0.3%
CVE-2025-55707 | HIGH | WordPress PostX Plugin <= 4.1.35 - Privilege Escalation Vulnerability | EPSS 0.3%
CVE-2025-9937 | MEDIUM | elunez eladmin LocalStorageController deleteFile improper authorization | EPSS 0.3%
CVE-2019-19349 | — | An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in | EPSS 0.3%
CVE-2025-39459 | HIGH | WordPress Real Estate 7 theme <= 3.5.2 - Privilege Escalation vulnerability | EPSS 0.3%
CVE-2025-67953 | HIGH | WordPress Booking Activities plugin <= 1.16.44 - Privilege Escalation vulnerability | EPSS 0.3%
CVE-2025-10384 | MEDIUM | yangzongzhuan RuoYi Role cancelAll improper authorization | EPSS 0.3%
CVE-2025-8756 | MEDIUM | TDuckCloud tduck-platform manage preHandle improper authorization | EPSS 0.3%
CVE-2025-10390 | MEDIUM | CRMEB UserAddressServices.php editAddress improper authorization | EPSS 0.3%
CVE-2026-12770 | MEDIUM | BerriAI litellm Admin Key key_management_endpoints.py improper authorization | EPSS 0.3%
CVE-2026-3761 | MEDIUM | SourceCodester Client Database Management System Endpoint superadmin_user_delete.php improper authorization | EPSS 0.3%
CVE-2023-39173 | MEDIUM | In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access | EPSS 0.3%
CVE-2025-10819 | MEDIUM | fuyang_lipengjun platform queryAll UserCouponController improper authorization | EPSS 0.3%
CVE-2025-10820 | MEDIUM | fuyang_lipengjun platform queryAll TopicController improper authorization | EPSS 0.3%
CVE-2024-48941 | CRITICAL | The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacti | EPSS 0.3%
CVE-2026-6201 | MEDIUM | CodeAstro Online Job Portal Delete Job Posting job-delete.php access control | EPSS 0.3%
CVE-2025-7576 | MEDIUM | Teledyne FLIR FB-Series O/FLIR FH-Series ID Production Tools production.html access control | EPSS 0.3%