Weaknesses of type CWE-266
963 resultsCVE-2025-10071MEDIUMPortabilis i-Educar cancelar-enturmacao-em-lote access controlEPSS 0.3%CVE-2025-0797MEDIUMMicroWorld eScan Antivirus Quarantine Microworld default permissionEPSS 0.3%CVE-2025-10987MEDIUMYunaiV yudao-cloud HTTP Request transfer improper authorizationEPSS 0.3%CVE-2025-10988MEDIUMYunaiV ruoyi-vue-pro transfer improper authorizationEPSS 0.3%CVE-2025-62034HIGHWordPress Togo theme < 1.0.4 - Privilege Escalation vulnerabilityEPSS 0.3%CVE-2025-49900HIGHWordPress Advanced scrollbar plugin <= 1.1.8 - Privilege Escalation vulnerabilityEPSS 0.3%CVE-2026-33518CRITICALIncorrect privilege assignment in Portal for ArcGISEPSS 0.3%CVE-2025-47561HIGHWordPress MapSVG plugin < 8.6.13 - Privilege Escalation VulnerabilityEPSS 0.3%CVE-2025-39366HIGHWordPress wProject theme < 5.8.0 - Subscriber+ Privilege Escalation vulnerabilityEPSS 0.3%CVE-2026-11462MEDIUMChengdu Everbrite Network Technology BeikeShop Stripe Plugin StripeController.php callback improper authorizationEPSS 0.3%CVE-2026-5122MEDIUMosrg GoBGP BGP OPEN Message bgp.go DecodeFromBytes access controlEPSS 0.3%CVE-2026-8241MEDIUMIndustrial Application Software IAS Canias ERP RMI iasGetServerInfoEvent improper authorizationEPSS 0.3%CVE-2026-45830HIGHA lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily rEPSS 0.3%CVE-2025-4692MEDIUMABUP IoT Cloud Platform Incorrect Privilege AssignmentEPSS 0.3%CVE-2025-4136MEDIUMWeitong Mall Sale Endpoint improper authorizationEPSS 0.3%CVE-2026-9580MEDIUMJeecgBoot selectDepart LoginController.selectDepart access controlEPSS 0.3%CVE-2024-50702MEDIUMTeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager.EPSS 0.3%CVE-2026-1712MEDIUMIncorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.This issue affects HYPR Server: from 10.5.1 before 1EPSS 0.3%CVE-2024-13188MEDIUMMicroWorld eScan Antivirus Installation var default permissionEPSS 0.3%CVE-2026-9562MEDIUMsambitraj STUDENT-MANAGEMENT-SYSTEM Dashboard access controlEPSS 0.3%