CWE-281 · Improper Preservation of Permissions

335 CVEs classified under CWE-281 (Improper Preservation of Permissions).

Top CVEs for CWE-281
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-36532 | Critical | 10.0 | 2024-06-21 | Insecure permissions in kruise v1.6.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. |
| CVE-2024-56973 | Critical | 9.8 | 2025-02-14 | Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the sourc… |
| CVE-2024-46622 | Critical | 9.8 | 2025-01-06 | An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18… |
| CVE-2024-55507 | Critical | 9.8 | 2025-01-03 | An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the delete_e.php component. |
| CVE-2024-54465 | Critical | 9.8 | 2024-12-12 | A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2. An app may be able to elevate privileges. |
| CVE-2024-41650 | Critical | 9.8 | 2024-12-06 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a cra… |
| CVE-2024-41649 | Critical | 9.8 | 2024-12-06 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a cra… |
| CVE-2024-41648 | Critical | 9.8 | 2024-12-06 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a cra… |
| CVE-2024-41646 | Critical | 9.8 | 2024-12-06 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a cra… |
| CVE-2024-41645 | Critical | 9.8 | 2024-12-06 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a cra… |
| CVE-2024-41644 | Critical | 9.8 | 2024-12-06 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the d… |
| CVE-2023-47463 | Critical | 9.8 | 2023-11-30 | Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the… |
| CVE-2020-36070 | Critical | 9.8 | 2023-04-26 | Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media com… |
| CVE-2021-33990 | Critical | 9.8 | 2023-04-16 | Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The vendor disputes this issue because the… |
| CVE-2023-28668 | Critical | 9.8 | 2023-04-02 | Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled. |
| CVE-2021-29971 | Critical | 9.8 | 2021-08-05 | If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted… |
| CVE-2020-18890 | Critical | 9.8 | 2021-05-06 | Remote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.ph… |
| CVE-2018-4115 | Critical | 9.8 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before… |
| CVE-2017-8589 | Critical | 9.8 | 2017-07-11 | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and… |
| CVE-2017-8543 | Critical | 9.8 | 2017-06-15 | Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1… |