Common Weakness Enumeration

CWE-266

Allowed

Incorrect Privilege Assignment

Abstraction: Base · Status: Draft

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

1913 vulnerabilities reference this CWE, most recent first.

GHSA-7FF4-JW48-3436

Vulnerability from github – Published: 2025-11-24 21:51 – Updated: 2025-11-27 07:58
VLAI
Summary
OpenBao is Vulnerable to Privileged Operator Identity Group Root Escalation
Details

Impact

Similar to HCSEC-2025-13 / CVE-2025-5999, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when:

  1. An operator in the root namespace has access to identity/groups endpoints.
  2. An operator does not have policy access.

Otherwise, an operator with policy access could create or modify an existing policy to grant root-equivalent permissions through the sudo capability.

Patches

Patched in version 2.4.4.

Workarounds

Users should audit the use of identity subsystem and deny operators access if it is not in use.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/openbao/openbao"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-64761"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-269"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-11-24T21:51:18Z",
    "nvd_published_at": "2025-11-25T01:15:46Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nSimilar to HCSEC-2025-13 / CVE-2025-5999, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user\u0027s permissions in the system. Specifically this is an issue when:\n\n1. An operator in the root namespace has access to `identity/groups` endpoints.\n2. An operator does not have policy access.\n\nOtherwise, an operator with policy access could create or modify an existing policy to grant root-equivalent permissions through the `sudo` capability.\n\n### Patches\n\nPatched in version 2.4.4. \n\n### Workarounds\n\nUsers should audit the use of identity subsystem and deny operators access if it is not in use.",
  "id": "GHSA-7ff4-jw48-3436",
  "modified": "2025-11-27T07:58:33Z",
  "published": "2025-11-24T21:51:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openbao/openbao/security/advisories/GHSA-7ff4-jw48-3436"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64761"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openbao/openbao/pull/2143"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openbao/openbao/commit/16bb0ccd37a502930a289d434cbe4e7b4edd66e5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openbao/openbao/commit/747a1378c2756f86296ad9450f74f6faeecc2eb7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openbao/openbao"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openbao/openbao/releases/tag/v2.4.4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenBao is Vulnerable to Privileged Operator Identity Group Root Escalation"
}

GHSA-7FF8-XJH3-MGH6

Vulnerability from github – Published: 2026-03-03 22:13 – Updated: 2026-03-03 22:13
VLAI
Summary
OpenClaw's non-default autoAllowSkills setting could bypass on-miss exec prompt
Details

Summary

In openclaw versions up to and including 2026.2.22-2, a non-default exec-approval configuration could allow a skill-name collision to bypass an ask=on-miss prompt.

When autoAllowSkills=true, a path-scoped executable such as ./skill-bin could resolve to basename skill-bin, satisfy the skills allowlist segment, and run without prompting for approval.

Affected Packages / Versions

  • Package: npm openclaw
  • Affected versions: <= 2026.2.22-2
  • Patched versions: >= 2026.2.23 (released)

Configuration Scope (Not Default)

This behavior requires non-default settings and does not affect default installs.

Required conditions: - autoAllowSkills=true (default is false) - system.run with security=allowlist - ask=on-miss

Technical Details

The allowlist evaluator accepted skills satisfaction by bin-name match, so ./skill-bin could match skillBins.has("skill-bin") after resolution.

The fix hardens skill auto-allow matching by requiring: - a pathless invocation token (no / or \\), and - a trusted resolved executable path for that skill bin on the machine where skills run.

This preserves normal skill-bin ... behavior while preventing ./<skill-bin> and absolute-path basename collisions from auto-satisfying skills.

Impact

In affected non-default configurations, approval prompts could be skipped for commands that should have required operator confirmation.

Fix Commit(s)

  • ffd63b7a2c4c6d5aeb4710ef951d5794ad7ad77b (fix(security): trust resolved skill-bin paths in allowlist auto-allow)

OpenClaw thanks @tdjackey for reporting.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.2.22-2"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.23"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-03T22:13:53Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nIn `openclaw` versions up to and including `2026.2.22-2`, a non-default exec-approval configuration could allow a skill-name collision to bypass an `ask=on-miss` prompt.\n\nWhen `autoAllowSkills=true`, a path-scoped executable such as `./skill-bin` could resolve to basename `skill-bin`, satisfy the `skills` allowlist segment, and run without prompting for approval.\n\n### Affected Packages / Versions\n- Package: `npm openclaw`\n- Affected versions: `\u003c= 2026.2.22-2`\n- Patched versions: `\u003e= 2026.2.23` (released)\n\n### Configuration Scope (Not Default)\nThis behavior requires non-default settings and does not affect default installs.\n\nRequired conditions:\n- `autoAllowSkills=true` (default is `false`)\n- `system.run` with `security=allowlist`\n- `ask=on-miss`\n\n### Technical Details\nThe allowlist evaluator accepted `skills` satisfaction by bin-name match, so `./skill-bin` could match `skillBins.has(\"skill-bin\")` after resolution.\n\nThe fix hardens skill auto-allow matching by requiring:\n- a pathless invocation token (no `/` or `\\\\`), and\n- a trusted resolved executable path for that skill bin on the machine where skills run.\n\nThis preserves normal `skill-bin ...` behavior while preventing `./\u003cskill-bin\u003e` and absolute-path basename collisions from auto-satisfying `skills`.\n\n### Impact\nIn affected non-default configurations, approval prompts could be skipped for commands that should have required operator confirmation.\n\n### Fix Commit(s)\n- `ffd63b7a2c4c6d5aeb4710ef951d5794ad7ad77b` (`fix(security): trust resolved skill-bin paths in allowlist auto-allow`)\n\nOpenClaw thanks @tdjackey for reporting.",
  "id": "GHSA-7ff8-xjh3-mgh6",
  "modified": "2026-03-03T22:13:53Z",
  "published": "2026-03-03T22:13:53Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7ff8-xjh3-mgh6"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/ffd63b7a2c4c6d5aeb4710ef951d5794ad7ad77b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw\u0027s non-default autoAllowSkills setting could bypass on-miss exec prompt"
}

GHSA-7FG5-VC77-69FP

Vulnerability from github – Published: 2026-06-01 03:30 – Updated: 2026-07-07 23:43
VLAI
Summary
Dolibarr ERP CRM is vulnerable to Improper Authorization through its Leave Request REST API
Details

A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/api_holidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 23.0.2 is recommended to address this issue. The identifier of the patch is ee93b6f2f9dd0f6aeefe9d718ab3ab0a44326b73. Upgrading the affected component is advised.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "dolibarr/dolibarr"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "15.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-10215"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-07T23:43:39Z",
    "nvd_published_at": "2026-06-01T03:16:25Z",
    "severity": "LOW"
  },
  "details": "A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/api_holidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 23.0.2 is recommended to address this issue. The identifier of the patch is ee93b6f2f9dd0f6aeefe9d718ab3ab0a44326b73. Upgrading the affected component is advised.",
  "id": "GHSA-7fg5-vc77-69fp",
  "modified": "2026-07-07T23:43:39Z",
  "published": "2026-06-01T03:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10215"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Dolibarr/dolibarr/issues/37752"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Dolibarr/dolibarr/issues/37752#issuecomment-4304055921"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Dolibarr/dolibarr/commit/ee93b6f2f9dd0f6aeefe9d718ab3ab0a44326b73"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Dolibarr/dolibarr"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Dolibarr/dolibarr/releases/tag/23.0.2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/user-attachments/files/26487388/2_Dolibarr_Leave_Request_API_Horizontal_Unauthorized_Read_en.pdf"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/cve/CVE-2026-10215"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/821930"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/367494"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/367494/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Dolibarr ERP CRM is vulnerable to Improper Authorization through its Leave Request REST API"
}

GHSA-7FRH-GCMM-Q865

Vulnerability from github – Published: 2022-10-17 19:00 – Updated: 2022-10-19 12:00
VLAI
Details

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /csms/admin/?page=user/manage_user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211049 was assigned to this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3549"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-434"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-17T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /csms/admin/?page=user/manage_user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211049 was assigned to this vulnerability.",
  "id": "GHSA-7frh-gcmm-q865",
  "modified": "2022-10-19T12:00:19Z",
  "published": "2022-10-17T19:00:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3549"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Ramansh123454/POCs/blob/main/CSMS_RCE"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.211049"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7FWG-H4WF-X2R5

Vulnerability from github – Published: 2025-04-01 21:31 – Updated: 2026-04-01 18:34
VLAI
Details

Incorrect Privilege Assignment vulnerability in Dimitri Grassi Salon booking system allows Privilege Escalation. This issue affects Salon booking system: from n/a through 10.11.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-31560"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-01T21:15:50Z",
    "severity": "HIGH"
  },
  "details": "Incorrect Privilege Assignment vulnerability in Dimitri Grassi Salon booking system allows Privilege Escalation. This issue affects Salon booking system: from n/a through 10.11.",
  "id": "GHSA-7fwg-h4wf-x2r5",
  "modified": "2026-04-01T18:34:26Z",
  "published": "2025-04-01T21:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31560"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/salon-booking-system/vulnerability/wordpress-salon-booking-system-plugin-10-11-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7GMX-VW6R-9XRM

Vulnerability from github – Published: 2026-03-02 09:30 – Updated: 2026-03-02 09:30
VLAI
Details

A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.0 mitigates this issue. The name of the patch is d640ac31d1ce64ce90e06cf7081163915c9fc28c. Upgrading the affected component is recommended. Multiple endpoints are affected. The vendor was contacted early about this disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-15597"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-02T07:16:22Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.0 mitigates this issue. The name of the patch is d640ac31d1ce64ce90e06cf7081163915c9fc28c. Upgrading the affected component is recommended. Multiple endpoints are affected. The vendor was contacted early about this disclosure.",
  "id": "GHSA-7gmx-vw6r-9xrm",
  "modified": "2026-03-02T09:30:30Z",
  "published": "2026-03-02T09:30:30Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/dataease/SQLBot/security/advisories/GHSA-h4xm-3q3p-5g6r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15597"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dataease/SQLBot/commit/d640ac31d1ce64ce90e06cf7081163915c9fc28c"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.707295"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.707294"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.707293"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.707288"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.707286"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.707285"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.707284"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.707283"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.706144"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.348291"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.348291"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yaowenxiao721/Poc/blob/main/SQLBot/SQLBot-User-Management-Broken-Access-Control.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yaowenxiao721/Poc/blob/main/SQLBot/SQLBot-AIModel-Management-Missing-Authorization.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dataease/SQLBot/releases/tag/v1.5.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dataease/SQLBot"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-7GP3-6WQ2-PF7V

Vulnerability from github – Published: 2025-09-13 21:31 – Updated: 2025-09-13 21:31
VLAI
Details

A security flaw has been discovered in Shenzhen Sixun Business Management System 7/11. This affects an unknown part of the file /Adm/OperatorStop. Performing manipulation results in improper authorization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10374"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-13T19:15:31Z",
    "severity": "MODERATE"
  },
  "details": "A security flaw has been discovered in Shenzhen Sixun Business Management System 7/11. This affects an unknown part of the file /Adm/OperatorStop. Performing manipulation results in improper authorization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.",
  "id": "GHSA-7gp3-6wq2-pf7v",
  "modified": "2025-09-13T21:31:36Z",
  "published": "2025-09-13T21:31:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10374"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.323788"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.323788"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.639092"
    },
    {
      "type": "WEB",
      "url": "https://www.yuque.com/hongzh0/tx13c7/lgb05p6ar7ybugcz"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-7GPQ-5JCR-FH27

Vulnerability from github – Published: 2025-09-08 00:30 – Updated: 2025-09-08 00:30
VLAI
Details

A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10073"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-08T00:15:29Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.",
  "id": "GHSA-7gpq-5jcr-fh27",
  "modified": "2025-09-08T00:30:19Z",
  "published": "2025-09-08T00:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10073"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marcelomulder/CVE/blob/main/i-educar/Broken%20Object%20Level%20Authorization%20(BOLA)%20allows%20enumeration%20of%20classes%20informations%20via%20.module.Api.turma.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-10073.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.323021"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.323021"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.644136"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-7GXR-VXJ9-9X53

Vulnerability from github – Published: 2024-10-30 09:30 – Updated: 2026-04-01 18:32
VLAI
Details

Incorrect Privilege Assignment vulnerability in Matt Whiteman Bulk Change Role allows Privilege Escalation.This issue affects Bulk Change Role: from n/a through 1.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50504"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-30T08:15:03Z",
    "severity": "HIGH"
  },
  "details": "Incorrect Privilege Assignment vulnerability in Matt Whiteman Bulk Change Role allows Privilege Escalation.This issue affects Bulk Change Role: from n/a through 1.1.",
  "id": "GHSA-7gxr-vxj9-9x53",
  "modified": "2026-04-01T18:32:14Z",
  "published": "2024-10-30T09:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50504"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/bulk-role-change/vulnerability/wordpress-bulk-change-role-plugin-1-1-privilege-escalation-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/bulk-role-change/wordpress-bulk-change-role-plugin-1-1-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7HCG-H92Q-PJ2J

Vulnerability from github – Published: 2025-08-28 15:30 – Updated: 2026-04-01 18:36
VLAI
Details

Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin allows Privilege Escalation. This issue affects Miraculous Core Plugin: from n/a through 2.0.7.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49388"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-28T13:15:59Z",
    "severity": "CRITICAL"
  },
  "details": "Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin allows Privilege Escalation. This issue affects Miraculous Core Plugin: from n/a through 2.0.7.",
  "id": "GHSA-7hcg-h92q-pj2j",
  "modified": "2026-04-01T18:36:00Z",
  "published": "2025-08-28T15:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49388"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/miraculouscore/vulnerability/wordpress-miraculous-core-plugin-plugin-2-0-7-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

No CAPEC attack patterns related to this CWE.