CWE-269 · Improper Privilege Management
2842 CVEs classified under CWE-269 (Improper Privilege Management). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-31852 | Critical | 10.0 | 2026-03-11 | Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pu… |
| CVE-2025-20282 | Critical | 10.0 | 2025-06-25 | A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected devi… |
| CVE-2025-0505 | Critical | 10.0 | 2025-05-08 | On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision sys… |
| CVE-2023-48418 | Critical | 10.0 | 2024-01-02 | In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value… |
| CVE-2023-48419 | Critical | 10.0 | 2024-01-02 | An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege |
| CVE-2023-31273 | Critical | 10.0 | 2023-11-14 | Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via… |
| CVE-2022-1517 | Critical | 10.0 | 2022-06-24 | LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an att… |
| CVE-2022-24783 | Critical | 10.0 | 2022-03-25 | Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicio… |
| CVE-2021-39168 | Critical | 10.0 | 2021-08-27 | OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to… |
| CVE-2021-39167 | Critical | 10.0 | 2021-08-27 | OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to… |
| CVE-2021-1388 | Critical | 10.0 | 2021-02-24 | A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remo… |
| CVE-2020-36155 | Critical | 10.0 | 2021-01-04 | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could su… |
| CVE-2018-4310 | Critical | 10.0 | 2019-04-03 | An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14. |
| CVE-2026-58053 | Critical | 9.9 | 2026-06-28 | Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job container's HostConfig and, when… |
| CVE-2026-46964 | Critical | 9.9 | 2026-06-17 | Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions t… |
| CVE-2026-46933 | Critical | 9.9 | 2026-06-17 | Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are… |
| CVE-2026-46901 | Critical | 9.9 | 2026-06-17 | Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are… |
| CVE-2026-46900 | Critical | 9.9 | 2026-06-17 | Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are… |
| CVE-2026-46895 | Critical | 9.9 | 2026-06-17 | Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are… |
| CVE-2026-46893 | Critical | 9.9 | 2026-06-17 | Vulnerability in the JD Edwards EnterpriseOne General Ledger product of Oracle JD Edwards (component: E1 Foundation). The supported version that is affected… |