CWE-280 · Improper Handling of Insufficient Permissions or Privileges
149 CVEs classified under CWE-280 (Improper Handling of Insufficient Permissions or Privileges).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-46066 | Critical | 9.9 | 2026-01-12 | An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges |
| CVE-2024-25108 | Critical | 9.9 | 2024-02-12 | Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to acce… |
| CVE-2025-6573 | Critical | 9.8 | 2025-08-09 | Kernel software installed and running inside an untrusted/rich execution environment (REE) could leak information from the trusted execution environment (TEE). |
| CVE-2024-24116 | Critical | 9.8 | 2024-10-02 | An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm. |
| CVE-2024-5163 | Critical | 9.8 | 2024-06-17 | Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks. |
| CVE-2024-1608 | Critical | 9.1 | 2024-02-20 | In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information le… |
| CVE-2026-40371 | High | 8.8 | 2026-06-09 | Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a… |
| CVE-2026-24096 | High | 8.8 | 2026-04-01 | Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25… |
| CVE-2025-58770 | High | 8.8 | 2025-12-12 | APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploi… |
| CVE-2025-8109 | High | 8.8 | 2025-08-04 | Software installed and run as a non-privileged user may conduct ptrace system calls to issue writes to GPU origin read only memory. |
| CVE-2025-27025 | High | 8.8 | 2025-07-02 | The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication me… |
| CVE-2025-31173 | High | 8.8 | 2025-04-07 | Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentialit… |
| CVE-2024-6660 | High | 8.8 | 2024-07-17 | The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data tha… |
| CVE-2024-36451 | High | 8.8 | 2024-07-10 | Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploite… |
| CVE-2023-38298 | High | 8.8 | 2024-04-22 | Various software builds for the following TCL devices (30Z, A3X, 20XE, 10L) leak the device IMEI to a system property that can be accessed by any local app on… |
| CVE-2024-22078 | High | 8.8 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network… |
| CVE-2019-6570 | High | 8.8 | 2019-04-17 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may ac… |
| CVE-2026-0047 | High | 8.4 | 2026-03-02 | In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This co… |
| CVE-2024-51459 | High | 8.4 | 2025-03-19 | IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions. |
| CVE-2026-23857 | High | 8.2 | 2026-02-12 | Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability… |