CWE-708
20 CVEs classified under CWE-708. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-40196 | High | 8.1 | 2026-04-17 | HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned t… |
CVE-2021-32689 | High | 8.1 | 2021-07-12 | Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used user… |
CVE-2024-52561 | High | 7.8 | 2025-06-03 | A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtu… |
CVE-2022-22189 | High | 7.3 | 2022-04-14 | An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their perm… |
CVE-2021-32726 | High | 7.1 | 2021-07-12 | Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a u… |
CVE-2023-29122 | Medium | 6.7 | 2024-11-05 | Under certain conditions, access to service libraries is granted to account they should not have access to. |
CVE-2023-20044 | Medium | 6.7 | 2023-01-19 | A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure f… |
CVE-2023-20043 | Medium | 6.7 | 2023-01-19 | A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure f… |
CVE-2024-41773 | Medium | 6.5 | 2024-08-20 | IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls. |
CVE-2024-45417 | Medium | 6.0 | 2025-02-25 | Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of inf… |
CVE-2026-32691 | Medium | 5.3 | 2026-03-18 | A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly ini… |
CVE-2023-4008 | Medium | 5.3 | 2023-08-03 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versio… |
CVE-2024-45426 | Medium | 4.9 | 2025-02-25 | Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. |
CVE-2023-41881 | Low | 3.7 | 2023-10-11 | vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration)… |
CVE-2025-5069 | Low | 3.5 | 2025-09-26 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowe… |
CVE-2024-9633 | Low | 3.1 | 2024-11-14 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versio… |
CVE-2025-5467 | | 2025-12-10 | It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibl… | |
CVE-2025-14262 | | 2025-12-08 | A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were saved by the jo… | |
CVE-2022-33737 | | 2022-07-06 | The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin… | |
CVE-2021-26248 | | 2021-11-19 | Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |