CWE-264

5486 CVEs classified under CWE-264. Browse by severity and year.

Top CVEs for CWE-264
CVESeverityScorePublishedSummary
CVE-2016-8363Critical10.02017-02-13An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2…
CVE-2016-7457Critical10.02016-12-29VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecif…
CVE-2015-7425Critical10.02016-02-21The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protec…
CVE-2015-8267Critical10.02015-12-24The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote…
CVE-2015-7919Critical10.02015-12-21SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecifie…
CVE-2017-12251Critical9.92017-10-19A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with t…
CVE-2016-6903Critical9.92017-04-24lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands.
CVE-2016-6902Critical9.92017-04-24lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands.
CVE-2016-9269Critical9.92017-02-21Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linu…
CVE-2015-7411Critical9.92016-03-12The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileg…
CVE-2022-36246Critical9.82023-05-30Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions.
CVE-2022-34149Critical9.82022-08-22Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.
CVE-2022-34487Critical9.82022-07-21Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress.
CVE-2022-33198Critical9.82022-07-21Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.
CVE-2021-36879Critical9.82021-09-27Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registrati…
CVE-2020-3227Critical9.82020-06-03A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, rem…
CVE-2019-10709Critical9.82019-09-04AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially priv…
CVE-2016-10935Critical9.82019-08-27The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation.
CVE-2016-10923Critical9.82019-08-22The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation.
CVE-2016-10922Critical9.82019-08-22The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation.