CWE-1220

93 CVEs classified under CWE-1220. Browse by severity and year.

Top CVEs for CWE-1220
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-31201 | Critical | 9.8 | 2025-04-16 | This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4… |
| CVE-2022-2475 | Critical | 9.8 | 2022-10-28 | Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any user is able to write… |
| CVE-2026-6356 | Critical | 9.6 | 2026-04-22 | A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, ena… |
| CVE-2026-6388 | Critical | 9.1 | 2026-04-15 | A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenan… |
| CVE-2025-8053 | Critical | 9.1 | 2025-10-20 | Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulne… |
| CVE-2025-7493 | Critical | 9.1 | 2025-09-30 | A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate… |
| CVE-2025-4404 | Critical | 9.1 | 2025-06-17 | A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCano… |
| CVE-2026-2651 | Critical | 9.0 | 2026-05-25 | A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. T… |
| CVE-2026-40365 | High | 8.8 | 2026-05-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| CVE-2026-35436 | High | 8.8 | 2026-05-12 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. |
| CVE-2025-8049 | High | 8.8 | 2025-10-20 | Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulne… |
| CVE-2025-29987 | High | 8.8 | 2025-04-03 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulner… |
| CVE-2023-45217 | High | 8.8 | 2024-05-16 | Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privileg… |
| CVE-2023-40070 | High | 8.8 | 2024-05-16 | Improper access control in some Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privi… |
| CVE-2022-36110 | High | 8.8 | 2022-09-09 | Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If… |
| CVE-2026-41326 | High | 8.2 | 2026-04-24 | Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0… |
| CVE-2024-52799 | High | 8.2 | 2024-11-21 | Argo Workflows Chart is used to set up argo and its needed dependencies through one command. Prior to 0.44.0, the workflow-role has excessive privileges, the w… |
| CVE-2024-5389 | High | 8.1 | 2024-06-09 | In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variatio… |
| CVE-2023-33127 | High | 8.1 | 2023-07-11 | .NET and Visual Studio Elevation of Privilege Vulnerability |
| CVE-2025-35998 | High | 7.9 | 2026-02-10 | Missing protection mechanism for alternate hardware interface in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may all… |