CWE-276 · Incorrect Default Permissions

1519 CVEs classified under CWE-276 (Incorrect Default Permissions). Browse by severity and year.

Top CVEs for CWE-276
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2022-42150 | Critical | 10.0 | 2023-10-19 | TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape. |
| CVE-2020-29492 | Critical | 10.0 | 2021-01-04 | Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit th… |
| CVE-2020-29491 | Critical | 10.0 | 2021-01-04 | Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit th… |
| CVE-2025-40585 | Critical | 9.9 | 2025-06-10 | A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions using G5DFR contain default credentials. This could allow… |
| CVE-2023-22651 | Critical | 9.9 | 2023-05-04 | Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead… |
| CVE-2019-19896 | Critical | 9.9 | 2020-01-23 | In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share. The default file permissions of the IXP$ share o… |
| CVE-2020-37129 | Critical | 9.8 | 2026-02-05 | Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can… |
| CVE-2025-60262 | Critical | 9.8 | 2026-01-06 | An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsft… |
| CVE-2024-43166 | Critical | 9.8 | 2025-09-03 | Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to up… |
| CVE-2025-8031 | Critical | 9.8 | 2025-07-22 | The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability… |
| CVE-2014-7210 | Critical | 9.8 | 2025-06-26 | pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backen… |
| CVE-2025-6179 | Critical | 9.8 | 2025-06-16 | Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and ac… |
| CVE-2025-4660 | Critical | 9.8 | 2025-05-13 | A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is acc… |
| CVE-2025-30465 | Critical | 9.8 | 2025-03-31 | A permissions issue was addressed with improved validation. This issue is fixed in iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sequoia 15.7.2, macOS Sonoma 14.7.5… |
| CVE-2025-24238 | Critical | 9.8 | 2025-03-31 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7… |
| CVE-2025-24207 | Critical | 9.8 | 2025-03-31 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app ma… |
| CVE-2025-24195 | Critical | 9.8 | 2025-03-31 | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A user… |
| CVE-2025-24172 | Critical | 9.8 | 2025-03-31 | A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. "… |
| CVE-2025-25535 | Critical | 9.8 | 2025-03-26 | HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request. |
| CVE-2024-53351 | Critical | 9.8 | 2025-03-21 | Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges. |