Weaknesses of type CWE-732
690 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2025-21523 | MEDIUM | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8 | 0.9% |
| CVE-2017-20148 | CRITICAL | In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the lo | 0.9% |
| CVE-2021-35248 | MEDIUM | Unrestricted access to Orion.UserSettings SWIS entity for low-privilege users | 0.9% |
| CVE-2023-28346 | HIGH | An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for a remote attacker to communicate with the private API | 0.9% |
| CVE-2022-48257 | MEDIUM | In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp. | 0.9% |
| CVE-2023-0757 | CRITICAL | Phoenix Contact ProConOS prone to Incorrect Permission Assignment for Critical Resource | 0.9% |
| CVE-2023-31748 | HIGH | Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file. | 0.9% |
| CVE-2023-46141 | CRITICAL | Phoenix Contact: Automation Worx and classic line controllers prone to Incorrect Permission Assignment for Critical Resource | 0.9% |
| CVE-2017-8450 | — | X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests so users without access to a do | 0.9% |
| CVE-2021-38475 | HIGH | AUVESY Versiondog | 0.9% |
| CVE-2017-8449 | — | X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant | 0.8% |
| CVE-2023-32992 | HIGH | Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send | 0.8% |
| CVE-2021-22284 | HIGH | SECURITY - OPC Server for AC 800M - Remote Code Execution Vulnerability | 0.8% |
| CVE-2023-39338 | MEDIUM | Enables an authenticated user (enrolled device) to access a service protected by Sentry even if they are not authorized according to the sen | 0.8% |
| CVE-2014-125121 | CRITICAL | Array Networks vAPV and vxAG Default Credential Privilege Escalation | 0.8% |
| CVE-2021-37306 | HIGH | An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive informa | 0.8% |
| CVE-2021-22716 | HIGH | A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could allow remote code execution when an unprivi | 0.8% |
| CVE-2017-20198 | CRITICAL | DC/OS Marathon UI < 1.9.0 Unauthenticated RCE via Docker Mount Abuse | 0.8% |
| CVE-2021-4199 | HIGH | Incorrect Permission Assignment for Critical Resource vulnerability in BDReinit.exe (VA-10017) | 0.8% |
| CVE-2021-3557 | — | A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-arg | 0.8% |