Weaknesses of type CWE-269
1,779 results

CVE | Severity | Title | EPSS
CVE-2024-22036 | CRITICAL | Rancher Remote Code Execution via Cluster/Node Drivers | EPSS 0.7%
CVE-2023-28632 | HIGH | GLPI vulnerable to account takeover by authenticated user | EPSS 0.7%
CVE-2026-32760 | CRITICAL | File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin | EPSS 0.7%
CVE-2022-43759 | HIGH | Rancher: Privilege escalation via promoted roles | EPSS 0.7%
CVE-2025-22829 | LOW | Apache CloudStack: Unauthorised access to dedicated resources in Quota plugin | EPSS 0.7%
CVE-2017-20038 | MEDIUM | SICUNET Access Controller card_scan_decoder.php privileges management | EPSS 0.7%
CVE-2024-32003 | HIGH | Dusk plugin may allow unfettered user authentication in misconfigured installs | EPSS 0.7%
CVE-2022-45963 | CRITICAL | h3c firewall <= 3.10 ESS6703 has a privilege bypass vulnerability. | EPSS 0.7%
CVE-2023-21987 | HIGH | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prio | EPSS 0.7%
CVE-2023-5402 | CRITICAL | A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used | EPSS 0.7%
CVE-2026-7641 | HIGH | Import and export users and customers <= 2.0.8 - Authenticated (Subscriber+) Privilege Escalation via Multisite Capability Meta Fields | EPSS 0.7%
CVE-2024-27181 | HIGH | Apache Linkis Basic management services: Privilege Escalation Attack vulnerability | EPSS 0.7%
CVE-2025-14736 | CRITICAL | Frontend Admin by DynamiApps <= 3.28.29 - Unauthenticated Privilege Escalation to Administrator via Role Form Field | EPSS 0.7%
CVE-2022-3079 | HIGH | Festo: CPX-CEC-C1 and CMXX, Missing Authentication for Critical Webpage Function | EPSS 0.7%
CVE-2026-12415 | CRITICAL | Invoice Generator <= 1.0.0 - Unauthenticated Privilege Escalation via Account Takeover via 'user_id' Parameter | EPSS 0.7%
CVE-2023-29018 | HIGH | OpenFeature Operator vulnerable to Cluster-level Privilege Escalation | EPSS 0.7%
CVE-2026-33821 | HIGH | Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability | EPSS 0.7%
CVE-2023-37058 | CRITICAL | Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges v | EPSS 0.7%
CVE-2025-59693 | CRITICAL | The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proxi | EPSS 0.7%
CVE-2026-27208 | CRITICAL | api-gateway-deploy Affected by Exploitable Command Injection via Unprivileged Root Execution | EPSS 0.7%