Weaknesses of type CWE-732
690 resultsCVE-2023-34852—PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions.EPSS 1.0%CVE-2023-47564HIGHQsync CentralEPSS 1.0%CVE-2020-27836—A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow anEPSS 1.0%CVE-2021-22147—Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated useEPSS 1.0%CVE-2022-28802HIGHCode by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other wEPSS 1.0%CVE-2021-22850MEDIUMHGiga OAKloud Portal - Security MisconfigurationEPSS 1.0%CVE-2024-21915CRITICALRockwell Automation FactoryTalk® Service Platform Elevated Privileges Vulnerability Through Web Service FunctionalityEPSS 1.0%CVE-2020-5417HIGHCloud Controller may allow developers to claim sensitive routesEPSS 1.0%CVE-2022-24872HIGHImproper Access Control in shopwareEPSS 1.0%CVE-2025-6779MEDIUMAn ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This EPSS 1.0%CVE-2024-57520CRITICALInsecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. EPSS 1.0%CVE-2026-25770CRITICALWazuh has Privilege Escalation to Root via Cluster Protocol File WriteEPSS 1.0%CVE-2024-33435CRITICALInsecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi high-definition intelligent recording and plEPSS 0.9%CVE-2023-30399HIGHInsecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update pacEPSS 0.9%CVE-2021-32526MEDIUMQSAN Storage Manager - Incorrect Permission Assignment for Critical ResourceEPSS 0.9%CVE-2019-3683HIGHkeystone_json_assignment backend granted access to any project for users in user-project-map.jsonEPSS 0.9%CVE-2025-1731HIGHAn incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 EPSS 0.9%CVE-2021-22149—Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alteEPSS 0.9%CVE-2021-22148—Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as EPSS 0.9%CVE-2021-40331HIGHPermissions problem in the Apache Ranger Hive PluginEPSS 0.9%