CWE-276 · Incorrect Default Permissions
1519 CVEs classified under CWE-276 (Incorrect Default Permissions). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-42150 | Critical | 10.0 | 2023-10-19 | TinyLab linux-lab v1.1-rc1 and cloud-lab v0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape. |
| CVE-2020-29492 | Critical | 10.0 | 2021-01-04 | Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit th… |
| CVE-2020-29491 | Critical | 10.0 | 2021-01-04 | Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit th… |
| CVE-2025-40585 | Critical | 9.9 | 2025-06-10 | A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions using G5DFR contain default credentials. This could allow… |
| CVE-2023-22651 | Critical | 9.9 | 2023-05-04 | Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead… |
| CVE-2019-19896 | Critical | 9.9 | 2020-01-23 | In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share. The default file permissions of the IXP$ share o… |
| CVE-2020-37129 | Critical | 9.8 | 2026-02-05 | Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can… |
| CVE-2025-60262 | Critical | 9.8 | 2026-01-06 | An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsft… |
| CVE-2024-43166 | Critical | 9.8 | 2025-09-03 | Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to up… |
| CVE-2025-8031 | Critical | 9.8 | 2025-07-22 | The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability… |
| CVE-2014-7210 | Critical | 9.8 | 2025-06-26 | pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backen… |
| CVE-2025-6179 | Critical | 9.8 | 2025-06-16 | Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and ac… |
| CVE-2025-4660 | Critical | 9.8 | 2025-05-13 | A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is acc… |
| CVE-2025-30465 | Critical | 9.8 | 2025-03-31 | A permissions issue was addressed with improved validation. This issue is fixed in iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sequoia 15.7.2, macOS Sonoma 14.7.5… |
| CVE-2025-24238 | Critical | 9.8 | 2025-03-31 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7… |
| CVE-2025-24207 | Critical | 9.8 | 2025-03-31 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app ma… |
| CVE-2025-24195 | Critical | 9.8 | 2025-03-31 | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A user… |
| CVE-2025-24172 | Critical | 9.8 | 2025-03-31 | A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. "… |
| CVE-2025-25535 | Critical | 9.8 | 2025-03-26 | HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request. |
| CVE-2024-53351 | Critical | 9.8 | 2025-03-21 | Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges. |