Weaknesses of type CWE-266
960 results

CVE-2025-0628 | HIGH | Improper Authorization in BerriAI/litellm | EPSS 0.3%
CVE-2025-64761 | HIGH | OpenBao Privileged Operator Identity Group Root Escalation | EPSS 0.3%
CVE-2024-11485 | MEDIUM | Code4Berry Decoration Management System User userregister.php permission | EPSS 0.3%
CVE-2026-5330 | MEDIUM | SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control | EPSS 0.3%
CVE-2026-12294 | CRITICAL | Sandbox escape in the DOM: Workers component | EPSS 0.3%
CVE-2025-31524 | HIGH | WordPress WP User Profiles plugin <= 2.6.2 - Privilege Escalation vulnerability | EPSS 0.3%
CVE-2026-3263 | MEDIUM | go2ismail Asp.Net-Core-Inventory-Order-Management-System Security API improper authorization | EPSS 0.3%
CVE-2025-13807 | MEDIUM | orionsec orion-ops API MachineKeyController.java MachineKeyController improper authorization | EPSS 0.3%
CVE-2025-10291 | MEDIUM | linlinjava litemall cancel WxAftersaleController improper authorization | EPSS 0.3%
CVE-2026-33519 | CRITICAL | Incorrect privilege assignment in Portal for ArcGIS | EPSS 0.3%
CVE-2025-67279 | MEDIUM | An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via the application st | EPSS 0.3%
CVE-2026-10255 | MEDIUM | SourceCodester Pharmacy Sales and Inventory System ShowForm.php sell_statement access control | EPSS 0.3%
CVE-2025-4493 | MEDIUM | Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorize | EPSS 0.3%
CVE-2025-29036 | MEDIUM | An issue in hackathon-starter v.8.1.0 allows a remote attacker to escalate privileges via the user.js component. | EPSS 0.3%
CVE-2025-10038 | MEDIUM | Binary MLM Plan <= 3.0 - Unauthenticated Limited Privilege Escalation | EPSS 0.3%
CVE-2026-8752 | MEDIUM | h2oai h2o-3 Rapids setproperty Primitive AstSetProperty.java exec access control | EPSS 0.3%
CVE-2026-2075 | MEDIUM | yeqifu warehouse Role-Permission Binding RoleController.java saveRolePermission access control | EPSS 0.3%
CVE-2026-7644 | MEDIUM | ChatGPTNextWeb NextChat actions.ts addMcpServer improper authorization | EPSS 0.3%
CVE-2026-6105 | MEDIUM | perfree go-fastdfs-web doInstall InstallController.java improper authorization | EPSS 0.3%
CVE-2026-42758 | CRITICAL | WordPress WebinarIgnition plugin < 4.08.253 - Privilege Escalation vulnerability | EPSS 0.3%