CWE-269 · Improper Privilege Management

2842 CVEs classified under CWE-269 (Improper Privilege Management). Browse by severity and year.

Top CVEs for CWE-269
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-31852 | Critical | 10.0 | 2026-03-11 | Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pu… |
| CVE-2025-20282 | Critical | 10.0 | 2025-06-25 | A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected devi… |
| CVE-2025-0505 | Critical | 10.0 | 2025-05-08 | On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision sys… |
| CVE-2023-48418 | Critical | 10.0 | 2024-01-02 | In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value… |
| CVE-2023-48419 | Critical | 10.0 | 2024-01-02 | An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege |
| CVE-2023-31273 | Critical | 10.0 | 2023-11-14 | Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via… |
| CVE-2022-1517 | Critical | 10.0 | 2022-06-24 | LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an att… |
| CVE-2022-24783 | Critical | 10.0 | 2022-03-25 | Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicio… |
| CVE-2021-39168 | Critical | 10.0 | 2021-08-27 | OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to… |
| CVE-2021-39167 | Critical | 10.0 | 2021-08-27 | OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to… |
| CVE-2021-1388 | Critical | 10.0 | 2021-02-24 | A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remo… |
| CVE-2020-36155 | Critical | 10.0 | 2021-01-04 | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could su… |
| CVE-2018-4310 | Critical | 10.0 | 2019-04-03 | An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14. |
| CVE-2026-58053 | Critical | 9.9 | 2026-06-28 | Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job container's HostConfig and, when… |
| CVE-2026-46964 | Critical | 9.9 | 2026-06-17 | Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions t… |
| CVE-2026-46933 | Critical | 9.9 | 2026-06-17 | Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are… |
| CVE-2026-46901 | Critical | 9.9 | 2026-06-17 | Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are… |
| CVE-2026-46900 | Critical | 9.9 | 2026-06-17 | Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are… |
| CVE-2026-46895 | Critical | 9.9 | 2026-06-17 | Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are… |
| CVE-2026-46893 | Critical | 9.9 | 2026-06-17 | Vulnerability in the JD Edwards EnterpriseOne General Ledger product of Oracle JD Edwards (component: E1 Foundation). The supported version that is affected… |