Weaknesses of type CWE-266
939 resultsCVE-2025-3255MEDIUMxujiangfei admintwo home access controlEPSS 0.5%CVE-2022-3735MEDIUMseccome Ehoney signup access controlEPSS 0.5%CVE-2024-9519HIGHUserPlus <= 2.0 - Authenticated (Editor+) Registration Form Update to Privilege EscalationEPSS 0.5%CVE-2025-3202MEDIUMageerle ruoyi-ai SysNoticeController.java improper authorizationEPSS 0.5%CVE-2022-3771MEDIUMeasyii CMS File Upload Management Upload.php file unrestricted uploadEPSS 0.5%CVE-2023-3775MEDIUMVault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of ServiceEPSS 0.5%CVE-2025-2089MEDIUMStarSea99 starsea-mall com.siro.mall.controller.mall.UserController updateInfo updateUserInfo access controlEPSS 0.5%CVE-2025-69179CRITICALWordPress Support Ticket Management System plugin <= 1.9 - Privilege Escalation vulnerabilityEPSS 0.4%CVE-2026-54807CRITICALWordPress Registration Form for WooCommerce plugin <= 1.0.9 - Privilege Escalation vulnerabilityEPSS 0.4%CVE-2026-5569MEDIUMTechnostrobe HI-LED-WR120-G2 Endpoint access controlEPSS 0.4%CVE-2025-4066MEDIUMScriptAndTools Online-Travling-System addpackage.php access controlEPSS 0.4%CVE-2024-22303HIGHWordPress Houzez theme <= 3.2.4 - Privilege Escalation vulnerabilityEPSS 0.4%CVE-2024-21743HIGHWordPress Houzez Login Register plugin <= 3.2.5 - Privilege Escalation vulnerabilityEPSS 0.4%CVE-2024-56220CRITICALWordPress SSL Wireless SMS Notification plugin <= 3.6.0 - Privilege Escalation vulnerabilityEPSS 0.4%CVE-2025-47422HIGHAdvanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability. When running as SYSTEM in cEPSS 0.4%CVE-2024-6758MEDIUMImproper Privilege Management vulnerability in Sprecher Automation SPRECON-EEPSS 0.4%CVE-2024-50506HIGHWordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Privilege Escalation vulnerabilityEPSS 0.4%CVE-2024-9779HIGHOpen-cluster-management-io/ocm: cluster-manager permissions may allow a worker node to obtain service account tokensEPSS 0.4%CVE-2025-48082HIGHWordPress Progress Planner plugin <= 1.8.0 - Privilege Escalation vulnerabilityEPSS 0.4%CVE-2022-4232MEDIUMSourceCodester Event Registration System unrestricted uploadEPSS 0.4%