Weaknesses of type CWE-281
210 results

CVE | Severity | Description | EPSS
CVE-2024-30187 | MEDIUM | Anope before 2.0.15 does not prevent resetting the password of a suspended account. | EPSS 0.5%
CVE-2023-35938 | MEDIUM | User access not updated with privilege change in Tuleap | EPSS 0.5%
CVE-2022-31096 | MEDIUM | Invites restricted to an email or invite links restricted to an email domain may be bypassed by a under certain conditions in Discourse | EPSS 0.5%
CVE-2024-32882 | LOW | Permission check bypass when editing a model with per-field restrictions in wagtail | EPSS 0.5%
CVE-2024-41648 | HIGH | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbit | EPSS 0.5%
CVE-2024-41650 | HIGH | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbit | EPSS 0.5%
CVE-2021-3418 | — | If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validati | EPSS 0.5%
CVE-2024-22401 | MEDIUM | All users can reset the allowed apps list for Nextcloud Guest App users | EPSS 0.5%
CVE-2021-21379 | HIGH | It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro | EPSS 0.5%
CVE-2021-3847 | — | An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the w | EPSS 0.5%
CVE-2024-36532 | CRITICAL | Insecure permissions in kruise v1.6.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's t | EPSS 0.5%
CVE-2024-33892 | MEDIUM | Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to | EPSS 0.4%
CVE-2025-43698 | CRITICAL | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for S | EPSS 0.4%
CVE-2024-50920 | HIGH | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted | EPSS 0.4%
CVE-2024-23464 | HIGH | Zscaler bypass with administrative privileges on Windows | EPSS 0.4%
CVE-2023-42228 | HIGH | Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can edit their own ACL ru | EPSS 0.4%
CVE-2025-25871 | HIGH | An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function | EPSS 0.4%
CVE-2022-41963 | LOW | BigBlueButton contains Improper Preservation of Permissions for whiteboard | EPSS 0.4%
CVE-2025-43697 | HIGH | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data. This impacts Omn | EPSS 0.4%
CVE-2023-45807 | MEDIUM | OpenSearch Issue with tenant read-only permissions | EPSS 0.4%