CWE-267 · Privilege Defined With Unsafe Actions
49 CVEs classified under CWE-267 (Privilege Defined With Unsafe Actions).

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-22647 | Critical | 9.9 | 2023-06-01 | An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets i… |
| CVE-2020-29396 | Critical | 9.9 | 2020-12-22 | A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticate… |
| CVE-2025-14349 | High | 8.8 | 2026-02-13 | Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Fu… |
| CVE-2024-39866 | High | 8.8 | 2024-07-09 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup… |
| CVE-2023-44218 | High | 8.8 | 2023-10-03 | A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level… |
| CVE-2021-32739 | High | 8.8 | 2021-07-15 | Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From… |
| CVE-2026-42406 | High | 8.7 | 2026-05-13 | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify con… |
| CVE-2023-43746 | High | 8.7 | 2023-10-10 | When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP exte… |
| CVE-2021-44547 | High | 8.7 | 2023-04-25 | A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to execute arbitrary code, leading to privilege escalat… |
| CVE-2021-23186 | High | 8.7 | 2023-04-25 | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database co… |
| CVE-2021-23166 | High | 8.7 | 2023-04-25 | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on… |
| CVE-2026-9560 | High | 7.8 | 2026-05-26 | Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privil… |
| CVE-2025-41244 | High | 7.8 | 2025-09-29 | VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having a… |
| CVE-2024-7571 | High | 7.8 | 2024-11-12 | Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. |
| CVE-2024-47906 | High | 7.8 | 2024-11-12 | Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Ap… |
| CVE-2023-32457 | High | 7.5 | 2023-08-29 | Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote attacker with low privileges could potentia… |
| CVE-2024-42365 | High | 7.4 | 2024-08-08 | Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk v… |
| CVE-2024-9842 | High | 7.3 | 2024-11-12 | Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders. |
| CVE-2024-8539 | High | 7.1 | 2024-11-12 | Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. |
| CVE-2021-44476 | Medium | 6.8 | 2023-04-25 | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the serve… |