Weaknesses of type CWE-276

905 results
CVE-2024-46505 [CRITICAL] Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities. (EPSS 0.3%)
CVE-2024-49202 [HIGH] Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1. (EPSS 0.3%)
CVE-2024-55930 [MEDIUM] Weak default folder permissions (EPSS 0.3%)
CVE-2025-34191 [HIGH] Vasion Print (formerly PrinterLogic) Arbitrary File Write as Root via Response Path Symlink Follow (EPSS 0.3%)
CVE-2026-8487 [MEDIUM] Incorrect default permissions vulnerability in Progress Software MOVEit Automation (EPSS 0.3%)
CVE-2025-8766 [MEDIUM] Noobaa-core: excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container (EPSS 0.3%)
CVE-2022-4964 [MEDIUM] Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set. (EPSS 0.3%)
CVE-2024-0770 [MEDIUM] European Chemicals Agency IUCLID Desktop Installer iuclid6.exe default permission (EPSS 0.3%)
CVE-2020-8018 [HIGH] User owned /etc in SLES15-SP1-CHOST-BYOS (EPSS 0.3%)
CVE-2019-3687 [MEDIUM] "easy" permission profile allows everyone execute dumpcap and read all network traffic (EPSS 0.3%)
CVE-2024-21958 [HIGH] Incorrect default permissions in the AMD Provisioning Console installation directory could allow an attacker to achieve privilege escalation (EPSS 0.3%)
CVE-2022-28702 [MEDIUM] e-Design - Multiple vulnerabilities (EPSS 0.3%)
CVE-2024-1155 [HIGH] Incorrect permissions for shared NI SystemLink Elixir based services (EPSS 0.3%)
CVE-2024-21957 [HIGH] Incorrect default permissions in the AMD Management Console installation directory could allow an attacker to achieve privilege escalation p (EPSS 0.3%)
CVE-2013-0266 [MEDIUM] Puppetlabs-cinder: packstack: openstack: puppetlabs-cinder: information disclosure of openstack administrative passwords due to world-readable configuration files. (EPSS 0.3%)
CVE-2023-32351 A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated pri (EPSS 0.3%)
CVE-2022-38583 [HIGH] On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configura (EPSS 0.3%)
CVE-2024-27180 [MEDIUM] TOCTOU vulnerability (EPSS 0.3%)
CVE-2020-10606 In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. (EPSS 0.3%)
CVE-2024-21122 [MEDIUM] Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Text Catalog). The supported ver (EPSS 0.3%)