By weakness (CWE)

CWE-266: related vulnerabilities

CVEs classified under CWE-266. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

18 published vulnerabilities

  • CVE-2025-15656HIGH 8.8

    Mojoomla School Management contains a privilege escalation vulnerability stemming from improper assignment of user permissions. An authenticated attacker with basic user-level access can exploit this flaw to gain elevated privileges within the application, potentially obtaining administrative capabilities. The vulnerability affects all versions from the earliest tracked through version 93.2.0, making it a broad exposure for deployments that have not yet patched.

  • CVE-2026-35671HIGH 8.8

    phpMyFAQ versions before 4.1.3 contain a privilege escalation vulnerability in the admin password management API. An authenticated administrator with low-level privileges can manipulate API requests to reset any user's password, including SuperAdmin accounts, bypassing normal authorization checks. This allows attackers to seize full control of the FAQ system.

  • CVE-2026-10236HIGH 7.3

    A security flaw exists in SourceCodester Water Billing Management System version 1.0 that allows attackers to bypass authorization controls in the User Management system. An attacker can remotely manipulate user-related operations through the /classes/Users.php?f=save endpoint without needing credentials or user interaction. This means an unauthorized person could potentially create, modify, or access user accounts and associated data. Public disclosure of this vulnerability means attackers are likely already aware of and testing for it.

  • CVE-2026-10272MEDIUM 6.5

    A4M4's Student-Management-System contains an authorization flaw in its admin panel that allows unauthenticated attackers to manipulate a parameter called 'sid' in the deleteform.php file, potentially leading to unauthorized data modification or deletion. The vulnerability is network-accessible and does not require user interaction or special privileges to exploit. While the issue has been publicly disclosed and exploit code is available, the development team has not yet issued a patch or formal response.

  • CVE-2026-10152MEDIUM 6.3

    A flaw in TaleLin's lin-cms-spring-boot framework (version 0.2.1 and earlier) allows authenticated users to bypass access controls on the book endpoint. An attacker with valid login credentials can manipulate requests to perform actions they should not be permitted to execute, such as viewing, modifying, or deleting book records without proper authorization checks. Proof-of-concept code is publicly available, increasing the risk of active exploitation.

  • CVE-2026-10217MEDIUM 6.3

    A privilege management flaw exists in nextlevelbuilder GoClaw versions up to 3.11.3 that allows authenticated users to escalate their access or perform unauthorized actions. The vulnerability affects the RoleAdmin Gateway component, specifically in how it handles configuration saves. An attacker with valid credentials can exploit this remotely to gain elevated permissions or manipulate role-based access controls, potentially affecting data confidentiality, integrity, and availability.

  • CVE-2026-10269MEDIUM 6.3

    A vulnerability in decolua 9router allows an authenticated user to bypass authorization controls by manipulating the Host HTTP header. The flaw exists in the authentication logic of the dashboard guard component and can be exploited remotely by someone with valid login credentials. Affected versions up to 0.4.0 should be updated immediately to 0.4.1.

  • CVE-2026-10277MEDIUM 6.3

    A security flaw exists in the MCP Google Workspace integration's Gmail tool that allows authenticated users to bypass access controls and manipulate file storage operations. An attacker with valid login credentials can remotely exploit this vulnerability to gain unauthorized access to data or perform unintended modifications. The vulnerability affects the component up to commit 831790e7d5c2663325733d9f5579cc339a267c4c, and a patch has been released.

  • CVE-2026-10693MEDIUM 6.3

    SourceCodester Online Boat Reservation System version 1.0 contains a flaw in its administrative endpoints that fails to properly verify user permissions. An authenticated attacker can exploit this improper authorization to access or modify administrative functions they shouldn't have access to. The vulnerability requires an existing user account but can be exploited over the network without user interaction. The flaw affects multiple administrative endpoints, and exploit details have been publicly disclosed.

  • CVE-2026-43000MEDIUM 6.0

    An authenticated attacker with basic member-level permissions on an OpenStack Keystone project can escalate their privileges to administrator by chaining two Keystone features—application credentials and trusts—in an unintended way. The attack exploits a validation gap: when an impersonated token is created, Keystone checks the victim's stored admin role assignment in the database rather than validating against the actual permissions on the requesting token. This allows the attacker to create a trust that delegates the victim's admin privileges to themselves. The resulting admin access persists independently and can be maintained through additional credential chains, while all actions appear in audit logs under the victim's identity.

  • CVE-2026-10218MEDIUM 5.4

    A security flaw exists in nextlevelbuilder GoClaw versions up to 3.11.3 that allows authenticated users to perform actions they shouldn't be authorized to perform. The vulnerability resides in the authentication logic of the application and can be exploited remotely by someone with valid login credentials. Because the flaw has been publicly disclosed, there's elevated risk that attackers may attempt to exploit it.

  • CVE-2026-10284MEDIUM 5.4

    A security flaw in DevaslanPHP project-management versions up to 2.0.0-beta1 allows authenticated users to bypass authorization controls when editing or deleting comments in ticket management workflows. An attacker with login credentials can manipulate comment-related functions to perform actions they shouldn't be authorized to perform, such as deleting or modifying comments belonging to other users. The issue resides in the Livewire handler component and can be exploited remotely without requiring additional user interaction.

  • CVE-2026-10285MEDIUM 5.4

    DevaslanPHP project-management versions up to 2.0.0-beta1 contain an authorization flaw in the ticket handler component. An authenticated user can manipulate ticket records in ways they should not be permitted to perform, potentially modifying or deleting ticket data without proper access controls. The vulnerability requires an existing login but can be exploited remotely over the network.

  • CVE-2026-10255MEDIUM 5.3

    A remote access control weakness exists in SourceCodester Pharmacy Sales and Inventory System version 1.0. An unauthenticated attacker can exploit the sell_statement function in the application's form controller to bypass authorization checks and gain unauthorized read access to sensitive pharmacy data. The vulnerability requires no special interaction from users and can be triggered over the network. Because exploit code has already been publicly disclosed, active exploitation risk is elevated.

  • CVE-2026-10070MEDIUM 4.7

    A flaw in macrozheng mall versions up to 1.0.3 allows an authenticated administrator with high privileges to bypass authorization controls on the super admin password update endpoint. An attacker with admin credentials could manipulate requests to the /admin/update/ path and gain unauthorized access to sensitive administrative functions. The vulnerability requires valid admin-level authentication and cannot be exploited anonymously from the network.

  • CVE-2026-10215MEDIUM 4.3

    A flaw in Dolibarr ERP CRM's Leave Request REST API fails to properly check whether users have permission to access specific leave request objects. An authenticated attacker can remotely exploit this to view leave data they should not be able to see. The vulnerability affects versions up to 23.0.1, and Dolibarr has released version 23.0.2 as a fix. Because the exploit has been publicly disclosed, this poses an active risk despite its moderate CVSS score.

  • CVE-2026-10282MEDIUM 4.3

    Bottelet DaybydayCRM versions up to 2.2.1 contain an authorization flaw in the Documents controller that allows authenticated users to access files they shouldn't be able to view. An attacker with valid login credentials can exploit this remotely to read sensitive documents beyond their intended access scope. The vulnerability is rated MEDIUM severity and requires patching.

  • CVE-2026-10294MEDIUM 4.3

    PackageKit, a system library for package management on Linux, contains an authorization bypass vulnerability in versions up to 1.3.5. An authenticated attacker can manipulate the frontend-socket parameter in the API to gain unauthorized access to sensitive information. The vulnerability requires an existing user account to exploit but does not require user interaction. While the attack surface is somewhat limited by authentication requirements, the unauthorized information disclosure poses a real security concern for systems relying on PackageKit.