CWE-264
485 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-264page 10 of 10
- CVE-2025-48903HIGHCVSS 7.8EG 7.82025-06-06
Permission bypass vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-53177LOWCVSS 3.9EG 3.92025-07-07
Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule syncing function of watches.
- CVE-2025-53178MEDIUMCVSS 4.8EG 4.82025-07-07
Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule reminder function of head units.
- CVE-2025-53186MEDIUMCVSS 5.9EG 5.92025-07-07
Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-5321CRITICALCVSS 9.9EG 6.32025-05-29
A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of th…
- CVE-2025-54608MEDIUMCVSS 6.2EG 6.22025-08-06
Vulnerability that allows setting screen rotation direction without permission verification in the screen management module. Impact: Successful exploitation of this vulnerability may cause device screen orientation to be arbitrarily set.
- CVE-2025-54654MEDIUMCVSS 6.2EG 6.22025-10-11
Permission control vulnerability in the Gallery module. Successful exploitation of this vulnerability may affect service confidentiality
- CVE-2025-58276MEDIUMCVSS 6.8EG 6.82025-09-05
Permission verification vulnerability in the home screen module Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-58282LOWCVSS 2.8EG 2.82025-10-11
Permission control vulnerability in the camera module. Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2025-58283MEDIUMCVSS 5.5EG 5.52025-10-11
Permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2025-58284MEDIUMCVSS 5.9EG 5.92025-10-11
Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2025-58285MEDIUMCVSS 5.3EG 5.32025-10-11
Permission control vulnerability in the media module. Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2025-58293MEDIUMCVSS 5.5EG 5.52025-10-11
Vulnerability of improper exception handling in the print module. Successful exploitation of this vulnerability may affect availability.
- CVE-2025-58294MEDIUMCVSS 6.2EG 6.22025-11-28
Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2025-58302HIGHCVSS 8.4EG 8.42025-11-28
Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2025-58309MEDIUMCVSS 6.8EG 6.82025-11-28
Permission control vulnerability in the startup recovery module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
- CVE-2025-58312MEDIUMCVSS 5.1EG 5.12025-11-28
Permission control vulnerability in the App Lock module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-58315MEDIUMCVSS 5.5EG 5.52025-11-28
Permission control vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2025-5874MEDIUMCVSS 4.6EG 5.52025-06-09
A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox is…
- CVE-2025-64315HIGHCVSS 7.1EG 4.42025-11-28
Configuration defect vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect app data confidentiality and integrity.
- CVE-2025-66325MEDIUMCVSS 5.5EG 6.22025-12-08
Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2025-66329MEDIUMCVSS 5.5EG 4.02025-12-08
Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-68967MEDIUMCVSS 5.7EG 5.72026-01-14
Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2026-14784MEDIUMCVSS 6.3EG 6.32026-07-06
A vulnerability was identified in vxcontrol PentAGI up to 2.1.0. This affects an unknown function of the file backend/pkg/docker/client.go of the component Docker API. The manipulation leads to sandbox issue. The attack may be initiated re…
- CVE-2026-20046HIGHCVSS 8.8EG 8.82026-03-11
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerabili…
- CVE-2026-24920MEDIUMCVSS 6.2EG 6.22026-02-06
Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-24923MEDIUMCVSS 6.3EG 6.32026-02-06
Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2026-24924MEDIUMCVSS 6.1EG 6.12026-02-06
Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2026-24931MEDIUMCVSS 5.9EG 5.92026-02-06
Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2026-41962LOWCVSS 3.6EG 3.62026-05-15
Permission control vulnerability in the app management and control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2026-41974LOWCVSS 3.6EG 3.62026-06-09
Permission control vulnerability in service notifications. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-6117MEDIUMCVSS 6.3EG 6.32026-04-12
A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument …
- CVE-2026-6224HIGHCVSS 7.3EG 7.32026-04-13
A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a man…
- CVE-2026-6878MEDIUMCVSS 5.6EG 5.62026-04-23
A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of …
- CVE-2026-9368HIGHCVSS 7.3EG 7.32026-05-24
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This impacts the function execute_code of the file tools/code_execution_tool.py of the component Environment Variable Handler. Such manipulation leads to sandbox …
Map vulnerabilities like CWE-264 to your infrastructure
EchelonGraph correlates every CVE — across CWE-264 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →