CWE-280— Improper Handling of Insufficient Permissions or Privileges
The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.— MITRE CWE catalog
151 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-280page 3 of 4
- CVE-2025-30453HIGHCVSS 7.8EG 7.82025-05-12
The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. A malicious app may be able to gain root privileges.
- CVE-2025-31172HIGHCVSS 7.8EG 7.82025-04-07
Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2025-31173HIGHCVSS 8.8EG 8.82025-04-07
Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2025-3931HIGHCVSS 7.8EG 7.82025-05-14
A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However…
- CVE-2025-43527HIGHCVSS 7.8EG 7.82025-12-12
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may be able to gain root privileges.
- CVE-2025-45376HIGHCVSS 7.5EG 7.52025-09-29
Dell Repository Manager (DRM), versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leadi…
- CVE-2025-46066CRITICALCVSS 9.9EG 9.92026-01-12
An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges
- CVE-2025-46584HIGHCVSS 7.8EG 7.82025-05-06
Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2025-46708MEDIUMCVSS 4.3EG 4.32025-06-27
Software installed and running inside a Guest VM may conduct improper GPU system calls to prevent other Guests from running work on the GPU.
- CVE-2025-46740HIGHCVSS 7.5EG 7.52025-05-12
An authenticated user without user administrative permissions could change the administrator Account Name.
- CVE-2025-49731LOWCVSS 3.1EG 3.12025-07-08
Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.
- CVE-2025-50170HIGHCVSS 7.8EG 7.82025-08-12
Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
- CVE-2025-58121MEDIUMCVSS 5.4EG 5.42025-11-18
Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain sensitive information
- CVE-2025-58122MEDIUMCVSS 5.4EG 5.42025-11-18
Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure.
- CVE-2025-58410HIGHCVSS 7.5EG 7.52025-11-17
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. This is caused by improper handling of the memory protections for the buffer reso…
- CVE-2025-58457MEDIUMCVSS 4.3EG 4.32025-09-24
Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and restore command with insufficient permissions. This issue affects Apache ZooKeeper: from 3.9.0 before 3.9.4. Users are recommended to upgrade …
- CVE-2025-58770HIGHCVSS 8.8EG 8.82025-12-12
APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and pot…
- CVE-2025-59040MEDIUMCVSS 4.3EG 4.32025-09-18
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Backlog item representations do not verify the permissions of the child trackers. Users might see tracker names they should not have access to…
- CVE-2025-62176MEDIUMCVSS 4.3EG 4.32025-10-13
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, eve…
- CVE-2025-62509HIGHCVSS 8.1EG 8.12025-10-20
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to version 1.4.0, a business logic flaw in FileRise’s file/folder handling allows low-privilege users to perform unauthorized o…
- CVE-2025-62510HIGHCVSS 8.1EG 8.12025-10-20
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In version 1.4.0, a regression allowed folder visibility/ownership to be inferred from folder names. Low-privilege users could see or i…
- CVE-2025-64997MEDIUMCVSS 6.5EG 6.52025-12-18
Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure.
- CVE-2025-6573CRITICALCVSS 9.8EG 9.82025-08-09
Kernel software installed and running inside an untrusted/rich execution environment (REE) could leak information from the trusted execution environment (TEE).
- CVE-2025-67848HIGHCVSS 8.1EG 8.12026-02-03
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforc…
- CVE-2025-8109HIGHCVSS 8.8EG 8.82025-08-04
Software installed and run as a non-privileged user may conduct ptrace system calls to issue writes to GPU origin read only memory.
- CVE-2026-10549MEDIUMCVSS 5.3EG 5.32026-06-02
LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database.
- CVE-2026-11764LOWCVSS 3.6EG 3.62026-06-09
When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API wh…
- CVE-2026-20448MEDIUMCVSS 6.7EG 6.72026-05-04
In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed fo…
- CVE-2026-20463MEDIUMCVSS 6.7EG 6.72026-07-01
In Modem, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploita…
- CVE-2026-20817HIGHCVSS 7.8EG 7.82026-01-13
Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
- CVE-2026-2123HIGHCVSS 7.8EG 7.82026-03-31
A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philipp…
- CVE-2026-21733HIGHCVSS 7.3EG 7.32026-04-17
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files. This is caused by improper handling of GPU memory reservation protection…
- CVE-2026-2340MEDIUMCVSS 6.5EG 6.52026-05-27
A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename o…
- CVE-2026-23857HIGHCVSS 8.2EG 8.22026-02-12
Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vuln…
- CVE-2026-24096HIGHCVSS 8.8EG 8.82026-04-01
Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive …
- CVE-2026-27910HIGHCVSS 7.8EG 7.82026-04-14
Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally.
- CVE-2026-40371HIGHCVSS 8.8EG 8.82026-06-09
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.
- CVE-2026-41566CRITICALCVSS 9.4EG 9.42026-06-25
Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: 2.8.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.
- CVE-2026-44197MEDIUMCVSS 6.5EG 6.52026-05-11
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primar…
- CVE-2026-44198MEDIUMCVSS 4.3EG 4.32026-05-11
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of s…
- CVE-2026-44199MEDIUMCVSS 6.5EG 6.52026-05-11
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submissio…
- CVE-2026-44200MEDIUMCVSS 6.5EG 6.52026-05-11
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once coped, they'd be …
- CVE-2026-44201MEDIUMCVSS 5.3EG 5.32026-05-11
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and nam…
- CVE-2026-45195HIGHCVSS 7.8EG 7.82026-06-26
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can …
- CVE-2026-45196NONECVSS 0.0EG 0.02026-07-10
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can lead to privilege escalation.
- CVE-2026-46054HIGHCVSS 7.1EG 7.12026-05-27
In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap() and mprotect() access checks The existing SELinux security model for overlayfs is to allow access if the current task is able to access the…
- CVE-2026-54259MEDIUMCVSS 4.3EG 4.32026-07-01
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, the Documents and Images chooser's chosen endpoint incorrectly listed items for which the user has not been granted choose pe…
- CVE-2026-54261MEDIUMCVSS 6.5EG 6.52026-07-01
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check on the image preview endpoint, a user with access to the Wagtail admin can preview any imag…
- CVE-2026-54262MEDIUMCVSS 4.3EG 4.32026-07-01
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do n…
- CVE-2026-6805HIGHCVSS 7.5EG 7.52026-05-07
Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link.
Map vulnerabilities like CWE-280 to your infrastructure
EchelonGraph correlates every CVE — across CWE-280 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →