Weaknesses of type CWE-266

962 results
CVE-2025-36612 | MEDIUM | SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged att | EPSS 0.1%
CVE-2026-8148 | HIGH | NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipu | EPSS 0.1%
CVE-2025-43914 | HIGH | Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version | EPSS 0.1%
CVE-2026-20110 | MEDIUM | A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) conditio | EPSS 0.1%
CVE-2026-27102 | MEDIUM | Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1, contains an incorrect privilege assignment | EPSS 0.1%
CVE-2025-26425 | MEDIUM | In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. This cou | EPSS 0.1%
CVE-2025-32747 | MEDIUM | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local | EPSS 0.1%
CVE-2026-22078 | HIGH | O+ Connect's lack of authentication for IPC channels led to a local privilege escalation vulnerability. | EPSS 0.1%
CVE-2023-20957 | HIGH | In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could | EPSS 0.1%
CVE-2026-53862 | LOW | OpenClaw < 2026.5.12 - Bootstrap Token Replay via Pending Pairing Scope Widening | EPSS 0.1%
CVE-2025-48528 | MEDIUM | In multiple locations, there is a possible way to overlay biometrics due to a tapjacking/overlay attack. This could lead to local escalation | EPSS 0.1%
CVE-2025-48526 | MEDIUM | In createMultiProfilePagerAdapter of ChooserActivity.java, there is a possible way for an app to launch the ChooserActivity in another prof | EPSS 0.1%
CVE-2026-21425 | MEDIUM | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect privilege assignment vulnera | EPSS 0.1%
CVE-2023-21269 | In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL by | EPSS 0.1%
CVE-2024-34738 | HIGH | In multiple functions of AppOpsService.java, there is a possible way for unprivileged apps to read their own restrictRead app-op states due | EPSS 0.1%
CVE-2024-49731 | MEDIUM | In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a | EPSS 0.1%
CVE-2025-22415 | MEDIUM | In android_app of Android.bp, there is a possible way to launch any activity as a system user. This could lead to local escalation of privil | EPSS 0.1%
CVE-2025-2713 | MEDIUM | Improper File Permission Handling in Google gVisor runsc | EPSS 0.1%
CVE-2026-12388 | MEDIUM | Keycloak-broker: keycloak: privilege escalation to realm administrator via improper authorization in identity provider mapper | EPSS
CVE-2026-4629 | MEDIUM | Keycloak: keycloak: privilege escalation through hardcoded role mapper injection | EPSS