Weaknesses of type CWE-281
210 resultsCVE-2023-28642MEDIUMAppArmor bypass with symlinked /proc in runcEPSS 0.3%CVE-2024-43784MEDIUMRe-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to it's deletionEPSS 0.3%CVE-2024-40800HIGHAn input validation issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macEPSS 0.3%CVE-2024-50928MEDIUMInsecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to change the wakeup interval of end devicesEPSS 0.3%CVE-2022-48295HIGHThe IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (baEPSS 0.3%CVE-2022-48301HIGHThe bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-iEPSS 0.3%CVE-2023-25809MEDIUMrootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runcEPSS 0.3%CVE-2024-56178MEDIUMAn issue was discovered in Couchbase Server 7.6.x through 7.6.3. A user with the security_admin_local role can create a new user in a group EPSS 0.3%CVE-2024-23560MEDIUMHCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom type EPSS 0.3%CVE-2025-32697NONECascading protection is not preventing file reversionsEPSS 0.3%CVE-2023-52542MEDIUMPermission verification vulnerability in the system module.
Impact: Successful exploitation of this vulnerability will affect availability.EPSS 0.3%CVE-2023-52373HIGHVulnerability of permission verification in the content sharing pop-up module.Successful exploitation of this vulnerability may cause unauthEPSS 0.3%CVE-2023-42231HIGHPat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can delete admin users byEPSS 0.3%CVE-2025-7346HIGHAny unauthenticated attacker can bypass the localhost
restrictions posed by the application and utilize this to create
arbitrary packagesEPSS 0.3%CVE-2026-44832HIGHSnipe-IT: Privilege Escalation via API Permissions AssignmentEPSS 0.3%CVE-2024-39902MEDIUMTuleap's recursive permissions to document manager folder are not properly appliedEPSS 0.3%CVE-2024-50930HIGHAn issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to execute arbitrary code.EPSS 0.3%CVE-2026-35385HIGHIn OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the EPSS 0.3%CVE-2023-32355—A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS VenturEPSS 0.3%CVE-2026-40767HIGHWordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerabilityEPSS 0.3%