CWE-732 · Incorrect Permission Assignment for Critical Resource

1671 CVEs classified under CWE-732 (Incorrect Permission Assignment for Critical Resource). Browse by severity and year.

Top CVEs for CWE-732
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-42812 | Critical | 9.9 | 2026-05-04 | In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. `wr… |
| CVE-2025-46093 | Critical | 9.9 | 2025-08-04 | LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging… |
| CVE-2025-0066 | Critical | 9.9 | 2025-01-14 | Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due… |
| CVE-2024-5618 | Critical | 9.9 | 2024-07-18 | Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Pro… |
| CVE-2023-40622 | Critical | 9.9 | 2023-09-12 | SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view… |
| CVE-2022-28802 | Critical | 9.9 | 2022-09-21 | Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapie… |
| CVE-2021-33509 | Critical | 9.9 | 2021-05-21 | Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. |
| CVE-2026-21902 | Critical | 9.8 | 2026-02-25 | An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Se… |
| CVE-2025-34212 | Critical | 9.8 | 2025-09-29 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 (VA/SaaS deployments) possess … |
| CVE-2025-34206 | Critical | 9.8 | 2025-09-19 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/w… |
| CVE-2025-8042 | Critical | 9.8 | 2025-08-19 | Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability was fixed in Firefox 141. |
| CVE-2012-10030 | Critical | 9.8 | 2025-08-05 | FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system director… |
| CVE-2025-45150 | Critical | 9.8 | 2025-08-01 | Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request. |
| CVE-2025-43243 | Critical | 9.8 | 2025-07-30 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app ma… |
| CVE-2025-25373 | Critical | 9.8 | 2025-03-25 | The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform. |
| CVE-2024-57520 | Critical | 9.8 | 2025-02-05 | Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is dispu… |
| CVE-2024-41647 | Critical | 9.8 | 2024-12-06 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a cra… |
| CVE-2024-10018 | Critical | 9.8 | 2024-10-16 | Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component. |
| CVE-2024-24117 | Critical | 9.8 | 2024-10-02 | Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check stat… |
| CVE-2024-6360 | Critical | 9.8 | 2024-10-02 | Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privi… |