CWE-280 · Improper Handling of Insufficient Permissions or Privileges

149 CVEs classified under CWE-280 (Improper Handling of Insufficient Permissions or Privileges). Browse by severity and year.

Top CVEs for CWE-280
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-46066 | Critical | 9.9 | 2026-01-12 | An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges |
| CVE-2024-25108 | Critical | 9.9 | 2024-02-12 | Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to acce… |
| CVE-2025-6573 | Critical | 9.8 | 2025-08-09 | Kernel software installed and running inside an untrusted/rich execution environment (REE) could leak information from the trusted execution environment (TEE). |
| CVE-2024-24116 | Critical | 9.8 | 2024-10-02 | An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm. |
| CVE-2024-5163 | Critical | 9.8 | 2024-06-17 | Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks. |
| CVE-2024-1608 | Critical | 9.1 | 2024-02-20 | In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information le… |
| CVE-2026-40371 | High | 8.8 | 2026-06-09 | Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a… |
| CVE-2026-24096 | High | 8.8 | 2026-04-01 | Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25… |
| CVE-2025-58770 | High | 8.8 | 2025-12-12 | APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploi… |
| CVE-2025-8109 | High | 8.8 | 2025-08-04 | Software installed and run as a non-privileged user may conduct ptrace system calls to issue writes to GPU origin read only memory. |
| CVE-2025-27025 | High | 8.8 | 2025-07-02 | The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication me… |
| CVE-2025-31173 | High | 8.8 | 2025-04-07 | Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentialit… |
| CVE-2024-6660 | High | 8.8 | 2024-07-17 | The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data tha… |
| CVE-2024-36451 | High | 8.8 | 2024-07-10 | Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploite… |
| CVE-2023-38298 | High | 8.8 | 2024-04-22 | Various software builds for the following TCL devices (30Z, A3X, 20XE, 10L) leak the device IMEI to a system property that can be accessed by any local app on… |
| CVE-2024-22078 | High | 8.8 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network… |
| CVE-2019-6570 | High | 8.8 | 2019-04-17 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may ac… |
| CVE-2026-0047 | High | 8.4 | 2026-03-02 | In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This co… |
| CVE-2024-51459 | High | 8.4 | 2025-03-19 | IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions. |
| CVE-2026-23857 | High | 8.2 | 2026-02-12 | Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability… |