CWE-272
25 CVEs classified under CWE-272. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-24830 | Critical | 10.0 | 2024-02-08 | OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been i… |
CVE-2024-25106 | Critical | 9.1 | 2024-02-08 | OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A critical vulnerability h… |
CVE-2025-7722 | High | 8.8 | 2025-07-23 | The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.1. This is due to the plugin not proper… |
CVE-2024-28824 | High | 8.8 | 2024-03-22 | Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0… |
CVE-2021-26726 | High | 8.8 | 2022-02-16 | A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges… |
CVE-2024-55954 | High | 8.7 | 2025-01-16 | OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint `/api/{org_id}/users/{email_id}` allows an "Admin" role u… |
CVE-2025-47809 | High | 8.2 | 2025-05-16 | Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have… |
CVE-2024-0638 | High | 8.2 | 2024-03-22 | Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0… |
CVE-2024-0798 | High | 8.1 | 2024-02-25 | A privilege escalation vulnerability exists in mintplex-labs/anything-llm, allowing users with 'default' role to delete documents uploaded by 'admin'. Despite… |
CVE-2024-27165 | High | 7.8 | 2024-06-14 | Toshiba printers contain a suidperl binary and it has a Local Privilege Escalation vulnerability. A local attacker can get root privileges. As for the affected… |
CVE-2025-49144 | High | 7.3 | 2025-06-23 | Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 instal… |
CVE-2023-32451 | High | 7.3 | 2024-02-06 | Dell Display Manager application, version 2.1.1.17, contains a vulnerability that low privilege user can execute malicious code during installation and uninst… |
CVE-2023-28047 | High | 7.3 | 2023-04-20 | Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacke… |
CVE-2026-39459 | High | 7.2 | 2026-05-13 | A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authenticated attacker with at least the Manager role can create c… |
CVE-2025-8181 | High | 7.2 | 2025-07-26 | A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the… |
CVE-2025-8758 | High | 7.0 | 2025-08-09 | A vulnerability was found in TRENDnet TEW-822DRE FW103B02. It has been classified as problematic. This affects an unknown part of the component vsftpd. The man… |
CVE-2025-8757 | High | 7.0 | 2025-08-09 | A vulnerability was found in TRENDnet TV-IP110WN 1.2.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /server/… |
CVE-2025-1384 | High | 7.0 | 2025-07-13 | Least Privilege Violation (CWE-272) Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac S… |
CVE-2023-28046 | Medium | 6.6 | 2023-04-06 | Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attack… |
CVE-2025-68267 | Medium | 6.5 | 2025-12-16 | In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token |