Weaknesses of type CWE-266

939 results
CVE-2025-1847 | MEDIUM | zj1983 zz improper authorization | EPSS 0.5%
CVE-2026-2668 | MEDIUM | Rongzhitong Visual Integrated Command and Dispatch Platform User add access control | EPSS 0.5%
CVE-2024-50504 | HIGH | WordPress Bulk Change Role plugin <= 1.1 - Privilege Escalation vulnerability | EPSS 0.5%
CVE-2026-23800 | CRITICAL | WordPress Modular DS plugin <= 2.5.2 - Privilege Escalation vulnerability | EPSS 0.5%
CVE-2024-45187 | HIGH | Mage AI allows deleted users to use the terminal server with admin access, leading to remote code execution | EPSS 0.5%
CVE-2024-4870 | HIGH | Frontend Registration – Contact Form 7 <= 5.1 - Authenticated (Editor+) Privilege Escalation | EPSS 0.5%
CVE-2025-32695 | CRITICAL | WordPress Checkout Mestres WP plugin <= 8.7.5 - Privilege Escalation Vulnerability | EPSS 0.5%
CVE-2025-8797 | MEDIUM | LitmusChaos Litmus LocalStorage permission | EPSS 0.5%
CVE-2024-49217 | CRITICAL | WordPress Adding drop down roles in registration plugin <= 1.1 - Privilege Escalation vulnerability | EPSS 0.5%
CVE-2024-49322 | CRITICAL | WordPress Job Board Manager for WordPress plugin <= 1.0 - Privilege Escalation vulnerability | EPSS 0.5%
CVE-2024-32507 | HIGH | WordPress Login with phone number plugin <= 1.7.16 - Privilege Escalation vulnerability | EPSS 0.5%
CVE-2022-2637 | MEDIUM | Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter | EPSS 0.5%
CVE-2026-32916 | CRITICAL | OpenClaw 2026.3.7 < 2026.3.11 - Authorization Bypass in Plugin Subagent Routes via Synthetic Admin Scopes | EPSS 0.5%
CVE-2025-5999 | HIGH | Vault Root Namespace Operator May Elevate Token Privileges | EPSS 0.5%
CVE-2022-3944 | MEDIUM | jerryhanjj ERP Commodity Management inventory.php uploadImages unrestricted upload | EPSS 0.5%
CVE-2025-5163 | MEDIUM | yangshare 技术杨工 warehouseManager 仓库管理系统 access control | EPSS 0.5%
CVE-2026-3265 | MEDIUM | go2ismail Free-CRM Security API improper authorization | EPSS 0.5%
CVE-2026-9397 | CRITICAL | Besen BS20 EV Charging Station OTA Update Installation improper authorization | EPSS 0.5%
CVE-2025-3255 | MEDIUM | xujiangfei admintwo home access control | EPSS 0.5%
CVE-2023-38298 | HIGH | Various software builds for the following TCL devices (30Z, A3X, 20XE, 10L) leak the device IMEI to a system property that can be accessed b | EPSS 0.5%