CWE-250

329 CVEs classified under CWE-250. Browse by severity and year.

Top CVEs for CWE-250
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-2634 | Critical | 10.0 | 2022-08-10 | An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This c… |
| CVE-2022-1517 | Critical | 10.0 | 2022-06-24 | LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an att… |
| CVE-2026-48584 | Critical | 9.9 | 2026-06-19 | Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-50566 | Critical | 9.9 | 2026-06-10 | Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version… |
| CVE-2026-44477 | Critical | 9.9 | 2026-05-28 | CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics expor… |
| CVE-2026-25212 | Critical | 9.9 | 2026-04-02 | An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights c… |
| CVE-2025-32445 | Critical | 9.9 | 2025-04-15 | Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources ca… |
| CVE-2024-8767 | Critical | 9.9 | 2024-09-17 | Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WH… |
| CVE-2024-3330 | Critical | 9.9 | 2024-06-27 | Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client… |
| CVE-2026-34877 | Critical | 9.8 | 2026-04-02 | An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures a… |
| CVE-2026-27002 | Critical | 9.8 | 2026-02-20 | OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker option… |
| CVE-2025-13375 | Critical | 9.8 | 2026-02-04 | IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the… |
| CVE-2025-12420 | Critical | 9.8 | 2026-01-12 | A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operati… |
| CVE-2025-33224 | Critical | 9.8 | 2025-12-23 | NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerabi… |
| CVE-2025-33223 | Critical | 9.8 | 2025-12-23 | NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerabi… |
| CVE-2025-34274 | Critical | 9.8 | 2025-10-30 | Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the r… |
| CVE-2025-43017 | Critical | 9.8 | 2025-10-28 | HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential… |
| CVE-2025-34515 | Critical | 9.8 | 2025-10-16 | Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in sync_project.sh that allows an attacke… |
| CVE-2025-57119 | Critical | 9.8 | 2025-09-16 | An issue in Online Library Management System v.3.0 allows an attacker to escalate privileges via the adminlogin.php component and the Login function |
| CVE-2024-27143 | Critical | 9.8 | 2024-06-14 | Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this… |