Weaknesses of type CWE-276
905 results

CVE-2022-30355 | CRITICAL | OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId an | EPSS 0.5%
CVE-2023-23976 | HIGH | WordPress RegistrationMagic plugin <= 5.1.9.2 - Arbitrary Price Change | EPSS 0.5%
CVE-2024-53351 | CRITICAL | Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges. | EPSS 0.5%
CVE-2024-48822 | HIGH | Privilege escalation in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to es | EPSS 0.5%
CVE-2024-51051 | CRITICAL | AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account. | EPSS 0.5%
CVE-2023-41718 | HIGH | When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when ha | EPSS 0.5%
CVE-2026-33590 | HIGH | Insecure default permissions in Portainer CE | EPSS 0.5%
CVE-2024-57548 | CRITICAL | CMSimple 5.16 allows the user to edit log.php file via print page. | EPSS 0.5%
CVE-2018-11454 | — | A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA | EPSS 0.4%
CVE-2020-5342 | HIGH | Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privile | EPSS 0.4%
CVE-2023-1907 | HIGH | Pgadmin: users authenticated simultaneously via ldap may be attached to the wrong session | EPSS 0.4%
CVE-2022-44554 | HIGH | The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of | EPSS 0.4%
CVE-2024-50657 | MEDIUM | An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, spec | EPSS 0.4%
CVE-2014-7210 | CRITICAL | pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scr | EPSS 0.4%
CVE-2017-7968 | — | An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. | EPSS 0.4%
CVE-2023-37878 | MEDIUM | Insecure Default Permissions in Wing FTP Server <= 7.2.0 | EPSS 0.4%
CVE-2025-8031 | CRITICAL | Incorrect URL stripping in CSP reports | EPSS 0.4%
CVE-2024-48572 | MEDIUM | A User enumeration vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to obtain email addresses via the "Add a u | EPSS 0.4%
CVE-2024-22301 | MEDIUM | WordPress Albo Pretorio Online Plugin <= 4.6.6 is vulnerable to Sensitive Data Exposure | EPSS 0.4%
CVE-2023-32996 | MEDIUM | A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to sen | EPSS 0.4%