CWE-648
65 CVEs classified under CWE-648.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-41329 | Critical | 9.9 | 2026-04-21 | OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner… |
| CVE-2024-8785 | Critical | 9.8 | 2024-12-02 | In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in… |
| CVE-2024-11068 | Critical | 9.8 | 2024-11-11 | The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by lev… |
| CVE-2023-4972 | Critical | 9.8 | 2023-09-14 | Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users. This issue affects Digital Yepas: before 1.0.1. |
| CVE-2022-2023 | Critical | 9.8 | 2022-06-20 | Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4. |
| CVE-2019-14813 | Critical | 9.8 | 2019-09-06 | A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scr… |
| CVE-2019-1010178 | Critical | 9.8 | 2019-07-24 | Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. The component is: assets/component… |
| CVE-2026-41225 | Critical | 9.1 | 2026-05-13 | A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that… |
| CVE-2026-41386 | Critical | 9.1 | 2026-04-28 | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pa… |
| CVE-2024-37018 | Critical | 9.1 | 2024-05-31 | The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets. |
| CVE-2023-29507 | Critical | 9.1 | 2023-04-16 | XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to… |
| CVE-2025-2311 | Critical | 9.0 | 2025-03-20 | Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Te… |
| CVE-2026-35669 | High | 8.8 | 2026-04-10 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtim… |
| CVE-2026-35663 | High | 8.8 | 2026-04-10 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. A… |
| CVE-2026-35639 | High | 8.8 | 2026-04-09 | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve p… |
| CVE-2026-20126 | High | 8.8 | 2026-02-25 | A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying ope… |
| CVE-2025-54769 | High | 8.8 | 2025-07-29 | An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This ca… |
| CVE-2025-5997 | High | 8.8 | 2025-07-28 | Incorrect Use of Privileged APIs vulnerability in Beamsec PhishPro allows Privilege Abuse. This issue affects PhishPro: before 7.5.4.2. |
| CVE-2025-7344 | High | 8.8 | 2025-07-21 | The EAI developed by Digiwin has a Privilege Escalation vulnerability, allowing remote attackers with regular privileges to elevate their privileges to adminis… |
| CVE-2023-28062 | High | 8.8 | 2023-04-11 | Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could p… |