Weaknesses of type CWE-281
210 resultsCVE-2025-43701HIGHImproper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data.
This impaEPSS 0.4%CVE-2024-44211HIGHThis issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-EPSS 0.4%CVE-2024-9333MEDIUMPermission bypass in M-Files Connector for CopilotEPSS 0.4%CVE-2024-44193HIGHA logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to eEPSS 0.4%CVE-2024-33921MEDIUMWordPress ReviewX plugin <= 1.6.21 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-25711HIGHAn issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/adEPSS 0.4%CVE-2024-38361LOWPermissions processing error in spacedbEPSS 0.4%CVE-2025-43700HIGHImproper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data.
This impacts OmEPSS 0.4%CVE-2023-4996MEDIUMLocal privilege escalation EPSS 0.4%CVE-2022-0330—A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code onEPSS 0.4%CVE-2021-20263—A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capabilitEPSS 0.4%CVE-2023-22738MEDIUMImproper Preservation of Permissions in vantage6EPSS 0.4%CVE-2024-50921MEDIUMInsecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause a Denial of Service (DoS) via repeaEPSS 0.4%CVE-2024-50924MEDIUMInsecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause disrupt communications between the EPSS 0.4%CVE-2024-37575HIGHThe Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed application (with no permissions) to place phEPSS 0.4%CVE-2024-56317HIGHIn Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then atteEPSS 0.4%CVE-2026-34744MEDIUMMantisBT authorization bypass allows continued access to self-uploaded attachments on private issuesEPSS 0.4%CVE-2025-22620MEDIUMgix-worktree-state nonexclusive checkout sets executable files world-writableEPSS 0.4%CVE-2025-30456HIGHA parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.4 and iPadOS 1EPSS 0.3%CVE-2024-57698HIGHAn issue in modernwms v.1.0 allows an attacker view the MD5 hash of the administrator password and other attributes without authentication, EPSS 0.3%