CWE-270 · Privilege Context Switching Error
26 CVEs classified under CWE-270 (Privilege Context Switching Error). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-37912 | Critical | 10.0 | 2023-10-25 | XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platfor… |
CVE-2023-26475 | Critical | 10.0 | 2023-03-02 | XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context… |
CVE-2024-11263 | Critical | 9.4 | 2024-11-15 | When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is… |
CVE-2021-3493 | High | 8.8 | 2021-04-17 | The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an unde… |
CVE-2025-9408 | High | 8.2 | 2025-11-11 | System call entry on Cortex M (and possibly R and A, but I think not) has a race which allows very practical privilege escalation for malicious userspace proce… |
CVE-2017-2663 | High | 8.2 | 2018-07-27 | It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Con… |
CVE-2026-9560 | High | 7.8 | 2026-05-26 | Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privil… |
CVE-2025-60721 | High | 7.8 | 2025-11-11 | Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally. |
CVE-2026-34853 | High | 7.7 | 2026-04-13 | Permission bypass vulnerability in the LBS module. Impact: Successful exploitation of this vulnerability may affect availability. |
CVE-2019-14819 | High | 7.5 | 2020-01-07 | A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the curre… |
CVE-2024-36513 | High | 7.4 | 2024-11-12 | A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allo… |
CVE-2024-12570 | Medium | 6.7 | 2024-12-12 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6… |
CVE-2024-8641 | Medium | 6.7 | 2024-09-12 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3… |
CVE-2025-26499 | Medium | 6.0 | 2025-09-11 | Under heavy system utilization a random race condition can occur during authentication or token refresh operation. This flaw allows one user to be granted a to… |
CVE-2025-46406 | Medium | 5.6 | 2025-07-10 | A Privilege Context Switching Error (CWE-270) in the Command Center Server could allow a privileged Operator with high level access in one Division to perform… |
CVE-2024-47173 | Medium | 5.5 | 2024-10-24 | Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affect… |
CVE-2024-37294 | Medium | 5.5 | 2024-06-11 | Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a pote… |
CVE-2024-51987 | Medium | 5.4 | 2024-11-07 | Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by `AddUserAcces… |
CVE-2025-55210 | | 2026-02-12 | FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api (PBX API) is vulnerab… | |
CVE-2025-49583 | | 2025-06-13 | XWiki is a generic wiki platform. When a user without script right creates a document with an `XWiki.Notifications.Code.NotificationEmailRendererClass` object… |