Weaknesses of type CWE-276
905 resultsCVE-2020-13599LOWSecurity problem with settings and littlefsEPSS 0.2%CVE-2023-42133MEDIUMPAX Android based POS devices allow for escalation of privilege via improperly configured scripts.
An attacker must have shell access with EPSS 0.2%CVE-2024-35139MEDIUMIBM Security Access Manager Docker information disclosureEPSS 0.2%CVE-2021-0093MEDIUMIncorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of serEPSS 0.2%CVE-2025-64436MEDIUMKubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between NodesEPSS 0.2%CVE-2024-24828MEDIUMLocal Privilege Escalation in execuatables bundled by pkgEPSS 0.2%CVE-2024-21939HIGHIncorrect default permissions in the AMD Cloud Manageability Service (ACMS) Software installation directory could allow an attacker to achieEPSS 0.2%CVE-2023-50975HIGHThe TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsREPSS 0.2%CVE-2025-24277HIGHA parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4, mEPSS 0.2%CVE-2024-22085MEDIUMAn issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable.EPSS 0.2%CVE-2024-9167HIGHUnder specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attackeEPSS 0.2%CVE-2024-38499HIGHImproper Privilege Management Vulnerability in CA Client Automation 14.5EPSS 0.2%CVE-2024-52867HIGHguix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata EPSS 0.2%CVE-2025-55132LOWA flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via `futimes()` even when the process EPSS 0.2%CVE-2025-48070LOWPlane has insecure permissions in UserSerializerEPSS 0.2%CVE-2024-47014HIGHAndroid before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292.EPSS 0.2%CVE-2024-38459HIGHlangchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; thEPSS 0.2%CVE-2024-21938HIGHIncorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directEPSS 0.2%CVE-2022-45153HIGHsaphanabootstrap-formula: Escalation to root for arbitrary users in hana/ha_cluster.slsEPSS 0.2%CVE-2021-3917—A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. TEPSS 0.2%