Weaknesses of type CWE-266
939 resultsCVE-2023-4153HIGHBAN Users <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update & Privilege EscalationEPSS 0.7%CVE-2023-50437HIGHAn issue was discovered in Couchbase Server before 7.2.x before 7.2.4. otpCookie is shown with full admin on pools/default/serverGroups and EPSS 0.7%CVE-2018-25148HIGHMicrohard Systems IPn4G 1.1.0 Remote Code Execution via Admin InterfaceEPSS 0.7%CVE-2025-62645CRITICALThe Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token witEPSS 0.7%CVE-2024-32444CRITICALWordPress RealHomes theme <= 4.3.6 - Privilege Escalation vulnerabilityEPSS 0.6%CVE-2025-26512CRITICALCVE-2025-26512 Privilege Escalation Vulnerability in SnapCenterEPSS 0.6%CVE-2021-20208—A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use KerberoEPSS 0.6%CVE-2025-32491CRITICALWordPress Rankology SEO – On-site SEO plugin <= 2.2.4 - Privilege Escalation VulnerabilityEPSS 0.6%CVE-2025-2320MEDIUM274056675 springboot-openai-chatgpt User submit improper authorizationEPSS 0.6%CVE-2016-7070HIGHA privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configuresEPSS 0.6%CVE-2025-13888CRITICALOpenshift-gitops-operator: openshift gitops: namespace admin cluster takeover via privileged jobsEPSS 0.6%CVE-2024-43153CRITICALWordPress Woffice theme <= 5.4.10 - Unauthenticated Privilege Escalation vulnerabilityEPSS 0.6%CVE-2024-12470CRITICALSchool Management System – SakolaWP <= 1.0.8 - Unauthenticated Privilege EscalationEPSS 0.6%CVE-2022-4441HIGHPrivilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenterEPSS 0.6%CVE-2024-12213CRITICALWP Job Board Pro < 1.2.85 - Unauthenticated Privilege Escalation via process_registerEPSS 0.6%CVE-2024-54293CRITICALWordPress CE21 Suite plugin <= 2.2.0 - Privilege Escalation vulnerabilityEPSS 0.6%CVE-2025-0206MEDIUMcode-projects Online Shoe Store index.php access controlEPSS 0.6%CVE-2023-25591HIGHAuthenticated Information Disclosure in ClearPass Policy Manager Web-Based Management InterfaceEPSS 0.6%CVE-2024-56043CRITICALWordPress WPLMS plugin <= 1.9.9 - Unauthenticated Privilege Escalation vulnerabilityEPSS 0.6%CVE-2025-8261MEDIUMVaelsys VaelsysV4 User Creation vgrid_server.php improper authorizationEPSS 0.6%