CWE-1220
93 CVEs classified under CWE-1220. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-31201 | Critical | 9.8 | 2025-04-16 | This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4… |
CVE-2022-2475 | Critical | 9.8 | 2022-10-28 | Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any user is able to write… |
CVE-2026-6356 | Critical | 9.6 | 2026-04-22 | A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, ena… |
CVE-2026-6388 | Critical | 9.1 | 2026-04-15 | A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenan… |
CVE-2025-8053 | Critical | 9.1 | 2025-10-20 | Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulne… |
CVE-2025-7493 | Critical | 9.1 | 2025-09-30 | A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate… |
CVE-2025-4404 | Critical | 9.1 | 2025-06-17 | A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCano… |
CVE-2026-2651 | Critical | 9.0 | 2026-05-25 | A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. T… |
CVE-2026-40365 | High | 8.8 | 2026-05-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-35436 | High | 8.8 | 2026-05-12 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. |
CVE-2025-8049 | High | 8.8 | 2025-10-20 | Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulne… |
CVE-2025-29987 | High | 8.8 | 2025-04-03 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulner… |
CVE-2023-45217 | High | 8.8 | 2024-05-16 | Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privileg… |
CVE-2023-40070 | High | 8.8 | 2024-05-16 | Improper access control in some Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privi… |
CVE-2022-36110 | High | 8.8 | 2022-09-09 | Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If… |
CVE-2026-41326 | High | 8.2 | 2026-04-24 | Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0… |
CVE-2024-52799 | High | 8.2 | 2024-11-21 | Argo Workflows Chart is used to set up argo and its needed dependencies through one command. Prior to 0.44.0, the workflow-role has excessive privileges, the w… |
CVE-2024-5389 | High | 8.1 | 2024-06-09 | In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variatio… |
CVE-2023-33127 | High | 8.1 | 2023-07-11 | .NET and Visual Studio Elevation of Privilege Vulnerability |
CVE-2025-35998 | High | 7.9 | 2026-02-10 | Missing protection mechanism for alternate hardware interface in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may all… |