CWE-250
329 CVEs classified under CWE-250. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-2634 | Critical | 10.0 | 2022-08-10 | An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This c… |
| CVE-2022-1517 | Critical | 10.0 | 2022-06-24 | LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an att… |
| CVE-2026-48584 | Critical | 9.9 | 2026-06-19 | Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-50566 | Critical | 9.9 | 2026-06-10 | Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version… |
| CVE-2026-44477 | Critical | 9.9 | 2026-05-28 | CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics expor… |
| CVE-2026-25212 | Critical | 9.9 | 2026-04-02 | An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights c… |
| CVE-2025-32445 | Critical | 9.9 | 2025-04-15 | Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources ca… |
| CVE-2024-8767 | Critical | 9.9 | 2024-09-17 | Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WH… |
| CVE-2024-3330 | Critical | 9.9 | 2024-06-27 | Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client… |
| CVE-2026-34877 | Critical | 9.8 | 2026-04-02 | An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures a… |
| CVE-2026-27002 | Critical | 9.8 | 2026-02-20 | OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker option… |
| CVE-2025-13375 | Critical | 9.8 | 2026-02-04 | IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the… |
| CVE-2025-12420 | Critical | 9.8 | 2026-01-12 | A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operati… |
| CVE-2025-33224 | Critical | 9.8 | 2025-12-23 | NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerabi… |
| CVE-2025-33223 | Critical | 9.8 | 2025-12-23 | NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerabi… |
| CVE-2025-34274 | Critical | 9.8 | 2025-10-30 | Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the r… |
| CVE-2025-43017 | Critical | 9.8 | 2025-10-28 | HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential… |
| CVE-2025-34515 | Critical | 9.8 | 2025-10-16 | Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in sync_project.sh that allows an attacke… |
| CVE-2025-57119 | Critical | 9.8 | 2025-09-16 | An issue in Online Library Management System v.3.0 allows an attacker to escalate privileges via the adminlogin.php component and the Login function |
| CVE-2024-27143 | Critical | 9.8 | 2024-06-14 | Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this… |