CWE-286
24 CVEs classified under CWE-286. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-48853 | Critical | 9.0 | 2025-05-22 | An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue aff… |
| CVE-2026-35638 | High | 8.8 | 2026-04-09 | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated sessions to retain self-declared privileg… |
| CVE-2025-59943 | High | 8.1 | 2025-10-03 | phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration… |
| CVE-2024-28020 | High | 8.0 | 2024-06-11 | A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the… |
| CVE-2023-25519 | High | 7.8 | 2023-09-12 | NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management e… |
| CVE-2024-9312 | High | 7.5 | 2024-10-10 | Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another u… |
| CVE-2021-21553 | High | 7.3 | 2021-08-02 | Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability. Under some specific conditions, this can allow the CompAdmin user… |
| CVE-2023-20253 | High | 7.1 | 2023-09-27 | A vulnerability in the command line interface (CLI) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authori… |
| CVE-2024-27269 | Medium | 6.8 | 2024-05-10 | IBM QRadar SIEM 7.5 could allow a privileged user to configure user management that would disclose unintended sensitive information across tenants. IBM X-Forc… |
| CVE-2022-32260 | Medium | 6.5 | 2022-06-14 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for… |
| CVE-2022-45857 | Medium | 6.0 | 2023-01-05 | An incorrect user management vulnerability [CWE-286] in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a Fort… |
| CVE-2023-0857 | Medium | 5.9 | 2023-05-11 | Unintentional change of settings during initial registration of system administrators which uses control protocols. The affected Office / Small Office Multifun… |
| CVE-2024-46671 | Medium | 5.6 | 2025-04-08 | An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, version 7.0.11 and… |
| CVE-2023-3115 | Medium | 5.4 | 2023-09-29 | An issue has been discovered in GitLab EE affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16… |
| CVE-2023-3914 | Medium | 5.4 | 2023-09-29 | A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects… |
| CVE-2023-3932 | Medium | 5.3 | 2023-08-03 | An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions… |
| CVE-2024-45425 | Medium | 4.9 | 2025-02-25 | Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. |
| CVE-2023-3907 | Medium | 4.9 | 2023-12-17 | A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a pro… |
| CVE-2024-6356 | Medium | 4.4 | 2025-02-05 | An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prio… |
| CVE-2024-52359 | Medium | 4.3 | 2024-11-19 | IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be reserved to administrato… |