CWE-282
27 CVEs classified under CWE-282. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-23514 | High | 8.8 | 2026-03-25 | Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to a… |
| CVE-2020-10632 | High | 8.8 | 2022-02-24 | Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could ca… |
| CVE-2025-27254 | High | 8.0 | 2025-03-10 | CWE-282 "Improper Ownership Management" in GE Vernova EnerVista UR Setup allows Authentication Bypass. The software's startup authentication can be disabled b… |
| CVE-2024-39755 | High | 7.8 | 2024-10-03 | A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG file can lead to execute priv… |
| CVE-2024-37999 | High | 7.8 | 2024-07-08 | A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privile… |
| CVE-2022-29187 | High | 7.8 | 2022-07-12 | Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privil… |
| CVE-2025-57732 | High | 7.5 | 2025-08-20 | In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership |
| CVE-2024-3383 | High | 7.4 | 2024-04-10 | A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID group… |
| CVE-2022-0026 | Medium | 6.7 | 2022-05-11 | A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with… |
| CVE-2024-47816 | Medium | 6.4 | 2024-10-09 | ImportDump is a mediawiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell who made what requests… |
| CVE-2026-40214 | Medium | 6.3 | 2026-05-07 | In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column in the database is… |
| CVE-2024-8949 | Medium | 6.3 | 2024-09-17 | A vulnerability classified as critical has been found in SourceCodester Online Eyewear Shop 1.0. This affects an unknown part of the file /classes/Master.php o… |
| CVE-2024-45104 | Medium | 6.3 | 2024-09-13 | A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially cr… |
| CVE-2023-7226 | Medium | 6.3 | 2024-01-11 | A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /auth/user/… |
| CVE-2024-43176 | Medium | 5.4 | 2025-01-09 | IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. |
| CVE-2025-32946 | Medium | 5.3 | 2025-04-15 | This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. The vulnerable code sets the owner of the… |
| CVE-2025-1112 | Medium | 4.3 | 2025-07-09 | IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users. |
| CVE-2025-3629 | Medium | 4.3 | 2025-06-21 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership man… |
| CVE-2025-32945 | Medium | 4.3 | 2025-04-15 | The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the… |
| CVE-2024-45103 | Medium | 4.3 | 2024-09-13 | A valid, authenticated LXCA user may be able to unmanage an LXCA managed device through the LXCA web interface without sufficient privileges. |