CWE-269 Improper Privilege Management: a summary of 1060 CVE vulnerabilities in this weakness class, with AI-generated analysis in Chinese.
CWE-269 is an improper privilege management weakness: the product fails to correctly assign, modify, track, or check the privileges of a user, allowing an attacker to obtain a sphere of control that was not intended. Attackers commonly exploit this flaw to escalate privileges or to access sensitive resources beyond their authorization. Developers should apply the principle of least privilege, strictly verify identity and authorization for every operation, and ensure that privilege assignment, modification, and revocation are handled securely and completely, so that unauthorized access is prevented.
The CWE's demonstrative examples. In the Python example the helpers `invalidUsername`, `raisePrivileges`, and `lowerPrivileges` are assumed to be defined elsewhere in the program; note that privileges are raised but not lowered again when `os.mkdir` fails:

```python
import os

def makeNewUserDir(username):
    if invalidUsername(username):  # avoid CWE-22 and CWE-78
        print('Usernames cannot contain invalid characters')
        return False
    try:
        raisePrivileges()
        os.mkdir('/home/' + username)
        lowerPrivileges()
    except OSError:
        # Privileges are not lowered on this error path, so the
        # process keeps running with raised privileges (CWE-269).
        print('Unable to create new user directory for user:' + username)
        return False
    return True
```

In the C example the return values of `seteuid()` are not checked, so if dropping back to the real UID fails, execution continues with elevated privileges:

```c
#include <unistd.h>

/* Wrapper function added only so the fragment compiles; the body is the CWE example. */
void do_privileged_work(void)
{
    seteuid(0);          /* raise privileges; return value not checked */
    /* do some stuff */
    seteuid(getuid());   /* drop privileges; return value not checked */
}
```

| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-56216 | Capgo /functions/v1/apikey API key creation privilege escalation vulnerability — Capgo | 8.8 | High | 2026-06-20 |
| CVE-2026-56212 | Capgo team security settings 2FA enforcement logic flaw — Capgo | 3.8 | Low | 2026-06-20 |
| CVE-2026-50201 | Steeltoe sensitive actuators require only restricted permissions — Steeltoe.Management.Endpoint | 6.5 | Medium | 2026-06-17 |
| CVE-2026-20246 | Cisco Umbrella Insights Virtual Appliance permission and access control vulnerability — Cisco Umbrella Insights Virtual Appliance | 6.0 | Medium | 2026-06-17 |
| CVE-2026-12165 | contest gallery permission and access control vulnerability — Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | 8.8 | High | 2026-06-17 |
| CVE-2024-38487 | API gateway: container privilege escalation leading to escape — EMC VxRail Appliance | 7.0 | High | 2026-06-16 |
| CVE-2026-8176 | LatePoint ≤5.5.1 privilege escalation and password reset vulnerability — LatePoint – Calendar Booking Plugin for Appointments and Events | 7.5 | High | 2026-06-16 |
| CVE-2026-12217 | DVDFab Virtual Drive permission and access control vulnerability — Virtual Drive | 7.8 | High | 2026-06-15 |
| CVE-2026-45176 | CyberArk Idira Endpoint Privilege Manager security vulnerability — Idira Endpoint Privilege Manager | - | - | 2026-06-11 |
| CVE-2026-50570 | Fission security vulnerability — fission | 8.5 | High | 2026-06-10 |
| CVE-2026-50564 | Fission security vulnerability — fission | 9.9 | Critical | 2026-06-10 |
| CVE-2026-50563 | Fission security vulnerability — fission | 9.9 | Critical | 2026-06-10 |
| CVE-2026-50545 | Fission security vulnerability — fission | 9.9 | Critical | 2026-06-10 |
| CVE-2025-6254 | WordPress plugin Doctreat Core security vulnerability — Doctreat Core | 9.8 | Critical | 2026-06-10 |
| CVE-2026-11616 | WordPress plugin Events Calendar for GeoDirectory security vulnerability — Events Calendar for GeoDirectory | 8.8 | High | 2026-06-09 |
| CVE-2026-44119 | Apache HTTP Server security vulnerability — Apache HTTP Server | - | - | 2026-06-08 |
| CVE-2025-5088 | Arista EOS and Arista CloudVision eXchange security vulnerability — EOS / CloudVision eXchange (CVX) | 8.3 | High | 2026-06-05 |
| CVE-2026-10868 | MISP security vulnerability — misp | - | - | 2026-06-04 |
| CVE-2026-49189 | Acer M6E security vulnerability — Connect M6E 5G Portable WiFi Router | - | - | 2026-06-04 |
| CVE-2026-8206 | WordPress plugin Kirki – Freeform Page Builder, Website Builder & Customizer security vulnerability — Kirki – Freeform Page Builder, Website Builder & Customizer | 9.8 | Critical | 2026-06-02 |
| CVE-2026-10217 | goclaw security vulnerability — GoClaw | 6.3 | Medium | 2026-06-01 |
| CVE-2026-7465 | WordPress plugin Spectra Gutenberg Blocks security vulnerability — Spectra Gutenberg Blocks – Website Builder for the Block Editor | 8.8 | High | 2026-05-30 |
| CVE-2026-47744 | shopper authorization vulnerability — shopper | 9.9 | Critical | 2026-05-29 |
| CVE-2026-45043 | rustfs access control error vulnerability — rustfs | - | - | 2026-05-29 |
| CVE-2026-8809 | WordPress plugin Advanced Custom Fields: Extended security vulnerability — Advanced Custom Fields: Extended | 9.8 | Critical | 2026-05-28 |
| CVE-2026-44543 | Local Path Provisioner security vulnerability — local-path-provisioner | 8.7 | High | 2026-05-28 |
| CVE-2026-8980 | MENNEKES AMTRON security vulnerability — Amtron | - | - | 2026-05-28 |
| CVE-2026-6226 | WordPress plugin Frontend Admin by DynamiApps security vulnerability — Frontend Admin by DynamiApps | 8.8 | High | 2026-05-28 |
| CVE-2026-45716 | Budibase security vulnerability — budibase | 8.8 | High | 2026-05-27 |
| CVE-2026-46424 | Budibase security vulnerability — budibase | 4.2 | Medium | 2026-05-27 |
CWE-269 (Improper Privilege Management) is a common weakness category; this platform lists 1060 CVE vulnerabilities associated with it.