CWE-281 · Improper Preservation of Permissions
335 CVEs classified under CWE-281 (Improper Preservation of Permissions).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-36532 | Critical | 10.0 | 2024-06-21 | Insecure permissions in kruise v1.6.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. |
| CVE-2024-56973 | Critical | 9.8 | 2025-02-14 | Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the sourc… |
| CVE-2024-46622 | Critical | 9.8 | 2025-01-06 | An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18… |
| CVE-2024-55507 | Critical | 9.8 | 2025-01-03 | An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the delete_e.php component. |
| CVE-2024-54465 | Critical | 9.8 | 2024-12-12 | A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2. An app may be able to elevate privileges. |
| CVE-2024-41650 | Critical | 9.8 | 2024-12-06 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a cra… |
| CVE-2024-41649 | Critical | 9.8 | 2024-12-06 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a cra… |
| CVE-2024-41648 | Critical | 9.8 | 2024-12-06 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a cra… |
| CVE-2024-41646 | Critical | 9.8 | 2024-12-06 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a cra… |
| CVE-2024-41645 | Critical | 9.8 | 2024-12-06 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a cra… |
| CVE-2024-41644 | Critical | 9.8 | 2024-12-06 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the d… |
| CVE-2023-47463 | Critical | 9.8 | 2023-11-30 | Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the… |
| CVE-2020-36070 | Critical | 9.8 | 2023-04-26 | Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media com… |
| CVE-2021-33990 | Critical | 9.8 | 2023-04-16 | Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The vendor disputes this issue because the… |
| CVE-2023-28668 | Critical | 9.8 | 2023-04-02 | Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled. |
| CVE-2021-29971 | Critical | 9.8 | 2021-08-05 | If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted… |
| CVE-2020-18890 | Critical | 9.8 | 2021-05-06 | Remote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.ph… |
| CVE-2018-4115 | Critical | 9.8 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before… |
| CVE-2017-8589 | Critical | 9.8 | 2017-07-11 | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and… |
| CVE-2017-8543 | Critical | 9.8 | 2017-06-15 | Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1… |