Common Weakness Enumeration

CWE-266

Allowed

Incorrect Privilege Assignment

Abstraction: Base · Status: Draft

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

1913 vulnerabilities reference this CWE, most recent first.

GHSA-GX7X-8XVV-GH38

Vulnerability from github – Published: 2024-02-14 18:30 – Updated: 2025-01-23 21:31
VLAI
Details

When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23976"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-14T17:15:14Z",
    "severity": "MODERATE"
  },
  "details": "When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance\nmode restrictions utilizing iAppsLX templates on a BIG-IP system. \u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",
  "id": "GHSA-gx7x-8xvv-gh38",
  "modified": "2025-01-23T21:31:47Z",
  "published": "2024-02-14T18:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23976"
    },
    {
      "type": "WEB",
      "url": "https://my.f5.com/manage/s/article/K91054692"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H29H-HH8G-Q4WH

Vulnerability from github – Published: 2026-04-03 21:31 – Updated: 2026-04-03 21:31
VLAI
Details

A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 26.03.1 is able to address this issue. This patch is called 8a59895ba063040cc8dafd82e94024c406df3d04. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5484"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-03T20:16:05Z",
    "severity": "MODERATE"
  },
  "details": "A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 26.03.1 is able to address this issue. This patch is called 8a59895ba063040cc8dafd82e94024c406df3d04. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.",
  "id": "GHSA-h29h-hh8g-q4wh",
  "modified": "2026-04-03T21:31:42Z",
  "published": "2026-04-03T21:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5484"
    },
    {
      "type": "WEB",
      "url": "https://github.com/BookStackApp/BookStack/commit/8a59895ba063040cc8dafd82e94024c406df3d04"
    },
    {
      "type": "WEB",
      "url": "https://github.com/BookStackApp/BookStack"
    },
    {
      "type": "WEB",
      "url": "https://github.com/BookStackApp/BookStack/releases/tag/v26.03.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Ghufran2/CVE-Bookstack/blob/main/Permission%20Bypass%20in%20Markdown%20Chapter%20Export"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/781762"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/355091"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/355091/cti"
    },
    {
      "type": "WEB",
      "url": "https://www.bookstackapp.com/blog/bookstack-release-v26-03-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-H2GW-573J-3MJJ

Vulnerability from github – Published: 2025-06-02 03:30 – Updated: 2025-06-02 03:30
VLAI
Details

A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as critical. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor Page. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-5425"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-02T03:15:25Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as critical. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor Page. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-h2gw-573j-3mjj",
  "modified": "2025-06-02T03:30:24Z",
  "published": "2025-06-02T03:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5425"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_access_theme_editing.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.310758"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.310758"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.584053"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-H3RM-RXWJ-HFMW

Vulnerability from github – Published: 2025-11-14 00:30 – Updated: 2025-11-14 00:30
VLAI
Details

A vulnerability was found in Sonarr 4.0.15.2940. The impacted element is an unknown function of the file C:\ProgramData\Sonarr\bin\Sonarr.Console.exe of the component Service. Performing manipulation results in incorrect default permissions. The attack is only possible with local access. The vendor confirms this vulnerability but classifies it as a "low severity issue due to the default service user being used as it would either require someone to intentionally change the service to a highly privileged account or an attacker would need an admin level account". It is planned to fix this issue in the next major release v5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13131"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-13T22:15:50Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in Sonarr 4.0.15.2940. The impacted element is an unknown function of the file C:\\ProgramData\\Sonarr\\bin\\Sonarr.Console.exe of the component Service. Performing manipulation results in incorrect default permissions. The attack is only possible with local access. The vendor confirms this vulnerability but classifies it as a \"low severity issue due to the default service user being used as it would either require someone to intentionally change the service to a highly privileged account or an attacker would need an admin level account\". It is planned to fix this issue in the next major release v5.",
  "id": "GHSA-h3rm-rxwj-hfmw",
  "modified": "2025-11-14T00:30:27Z",
  "published": "2025-11-14T00:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13131"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/Sonarr.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.332362"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.332362"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.683894"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-H493-WM58-VGVJ

Vulnerability from github – Published: 2024-11-13 18:32 – Updated: 2024-11-14 18:30
VLAI
Details

A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant.This vulnerability will only affect users who utilize the Organizations feature to isolate resources on their Grafana instance.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9476"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-13T17:15:12Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant.This vulnerability will only affect users who utilize the Organizations feature to isolate resources on their Grafana instance.",
  "id": "GHSA-h493-wm58-vgvj",
  "modified": "2024-11-14T18:30:34Z",
  "published": "2024-11-13T18:32:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9476"
    },
    {
      "type": "WEB",
      "url": "https://grafana.com/blog/2024/11/12/grafana-security-release-medium-severity-security-fix-for-cve-2024-9476"
    },
    {
      "type": "WEB",
      "url": "https://grafana.com/security/security-advisories/cve-2024-9476"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-H4CP-JFRQ-C2FX

Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-05-26 13:30
VLAI
Details

A flaw has been found in Sushmi-pal Invoice-System up to a0a3faa16dee2621b231ae227333f5761607283b. This affects an unknown part of the file /user of the component User Management Handler. This manipulation of the argument role causes improper authorization. It is possible to initiate the attack remotely. The exploit has been published and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-9409"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-25T02:16:56Z",
    "severity": "LOW"
  },
  "details": "A flaw has been found in Sushmi-pal Invoice-System up to a0a3faa16dee2621b231ae227333f5761607283b. This affects an unknown part of the file /user of the component User Management Handler. This manipulation of the argument role causes improper authorization. It is possible to initiate the attack remotely. The exploit has been published and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-h4cp-jfrq-c2fx",
  "modified": "2026-05-26T13:30:37Z",
  "published": "2026-05-26T13:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9409"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/c4ttr4ck/c891dd0fa550e910a1724cbd96d93a80"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/813605"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/365390"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/365390/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-H4JX-HJR3-FHGC

Vulnerability from github – Published: 2026-03-29 15:49 – Updated: 2026-04-18 00:44
VLAI
Summary
OpenClaw: Gateway Plugin Subagent Fallback `deleteSession` Uses Synthetic `operator.admin`
Details

Summary

Gateway Plugin Subagent Fallback deleteSession Uses Synthetic operator.admin

Affected Packages / Versions

  • Package: openclaw
  • Affected versions: <= 2026.3.24
  • First patched version: 2026.3.25
  • Latest published npm version at verification time: 2026.3.24

Details

Gateway plugin subagent fallback deleteSession previously dispatched sessions.delete with a synthetic operator.admin runtime scope when no request-scoped client existed. Commit b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7 binds deletion to the caller scope instead of minting admin scope.

Verified vulnerable on tag v2026.3.24 and fixed on main by commit b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7.

Fix Commit(s)

  • b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.3.24"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.3.28"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-35645"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-648",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-29T15:49:34Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nGateway Plugin Subagent Fallback `deleteSession` Uses Synthetic `operator.admin`\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `\u003c= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nGateway plugin subagent fallback `deleteSession` previously dispatched `sessions.delete` with a synthetic `operator.admin` runtime scope when no request-scoped client existed. Commit `b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7` binds deletion to the caller scope instead of minting admin scope.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7`.\n\n## Fix Commit(s)\n\n- `b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7`",
  "id": "GHSA-h4jx-hjr3-fhgc",
  "modified": "2026-04-18T00:44:19Z",
  "published": "2026-03-29T15:49:34Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h4jx-hjr3-fhgc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35645"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-synthetic-operator-admin-in-deletesession"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: Gateway Plugin Subagent Fallback `deleteSession` Uses Synthetic `operator.admin`"
}

GHSA-H765-X6XW-Q46W

Vulnerability from github – Published: 2025-03-15 00:30 – Updated: 2025-03-15 00:30
VLAI
Details

A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this vulnerability is the function submit of the file /api/blade-user/submit of the component User Handler. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2320"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-14T22:15:11Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this vulnerability is the function submit of the file /api/blade-user/submit of the component User Handler. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-h765-x6xw-q46w",
  "modified": "2025-03-15T00:30:24Z",
  "published": "2025-03-15T00:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2320"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.299749"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.299749"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.505689"
    },
    {
      "type": "WEB",
      "url": "https://www.cnblogs.com/aibot/p/18732226"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-H7GG-9JGM-WFCF

Vulnerability from github – Published: 2025-11-13 15:30 – Updated: 2025-11-15 09:30
VLAI
Details

A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13118"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-13T15:15:50Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-h7gg-9jgm-wfcf",
  "modified": "2025-11-15T09:30:25Z",
  "published": "2025-11-13T15:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13118"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Hwwg/cve/issues/14"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Hwwg/cve/issues/9"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.332323"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.332323"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.683345"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.686531"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-H823-PXJ6-HH24

Vulnerability from github – Published: 2025-08-20 09:30 – Updated: 2026-04-01 18:35
VLAI
Details

Incorrect Privilege Assignment vulnerability in Brainstorm Force SureDash allows Privilege Escalation. This issue affects SureDash: from n/a through 1.0.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-48164"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-20T08:15:32Z",
    "severity": "HIGH"
  },
  "details": "Incorrect Privilege Assignment vulnerability in Brainstorm Force SureDash allows Privilege Escalation. This issue affects SureDash: from n/a through 1.0.3.",
  "id": "GHSA-h823-pxj6-hh24",
  "modified": "2026-04-01T18:35:53Z",
  "published": "2025-08-20T09:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48164"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/suredash/vulnerability/wordpress-suredash-1-0-3-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

No CAPEC attack patterns related to this CWE.