Weaknesses of type CWE-266
963 resultsCVE-2026-39546HIGHWordPress MultiLoca plugin <= 4.2.15 - Privilege Escalation vulnerabilityEPSS 0.3%CVE-2024-13188MEDIUMMicroWorld eScan Antivirus Installation var default permissionEPSS 0.3%CVE-2026-12799MEDIUMBerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorizationEPSS 0.3%CVE-2025-25023MEDIUMIBM Security Guardium information disclosureEPSS 0.3%CVE-2022-1746HIGH2.2.8 INCORRECT PRIVILEGE ASSIGNMENT CWE-266EPSS 0.3%CVE-2025-5389MEDIUMJeeWMS File generateController.do dogenerateOne2Many access controlEPSS 0.3%CVE-2025-14778MEDIUMKeycloak: incorrect ownership checks in /uma-policy/EPSS 0.3%CVE-2025-5387MEDIUMJeeWMS File generateController.do dogenerate access controlEPSS 0.3%CVE-2026-49083HIGHWordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerabilityEPSS 0.3%CVE-2026-5124MEDIUMosrg GoBGP BGP Header bgp.go BGPHeader.DecodeFromBytes access controlEPSS 0.3%CVE-2026-9795HIGHKeycloak: keycloak: privilege escalation via improper scope mapping enforcementEPSS 0.3%CVE-2026-25414HIGHWordPress WPBookit Pro plugin <= 1.6.18 - Privilege Escalation vulnerabilityEPSS 0.3%CVE-2026-2896MEDIUMfunadmin Configuration Ajax.php setConfig improper authorizationEPSS 0.3%CVE-2026-7109MEDIUMcode-projects Invoice System in Laravel API Endpoint item improper authorizationEPSS 0.3%CVE-2025-27095MEDIUMJumpServer has a Kubernetes Token Leak VulnerabilityEPSS 0.3%CVE-2026-11620MEDIUMTOTOLINK EX200 vsftpd vsftpd.conf least privilege violationEPSS 0.3%CVE-2025-2843HIGHObservability-operator: observability operator privilege escalationEPSS 0.3%CVE-2025-13115MEDIUMmacrozheng mall-swarm/mall Order Details detail improper authorizationEPSS 0.3%CVE-2026-22914MEDIUMAn attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manEPSS 0.3%CVE-2026-5642MEDIUMCyber-III Student-Management-System HTTP POST Request update.php improper authorizationEPSS 0.3%