CWE-732 · Incorrect Permission Assignment for Critical Resource
1671 CVEs classified under CWE-732 (Incorrect Permission Assignment for Critical Resource).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-42812 | Critical | 9.9 | 2026-05-04 | In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. `wr… |
| CVE-2025-46093 | Critical | 9.9 | 2025-08-04 | LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging… |
| CVE-2025-0066 | Critical | 9.9 | 2025-01-14 | Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due… |
| CVE-2024-5618 | Critical | 9.9 | 2024-07-18 | Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Pro… |
| CVE-2023-40622 | Critical | 9.9 | 2023-09-12 | SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view… |
| CVE-2022-28802 | Critical | 9.9 | 2022-09-21 | Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapie… |
| CVE-2021-33509 | Critical | 9.9 | 2021-05-21 | Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. |
| CVE-2026-21902 | Critical | 9.8 | 2026-02-25 | An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Se… |
| CVE-2025-34212 | Critical | 9.8 | 2025-09-29 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 (VA/SaaS deployments) possess … |
| CVE-2025-34206 | Critical | 9.8 | 2025-09-19 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/w… |
| CVE-2025-8042 | Critical | 9.8 | 2025-08-19 | Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability was fixed in Firefox 141. |
| CVE-2012-10030 | Critical | 9.8 | 2025-08-05 | FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system director… |
| CVE-2025-45150 | Critical | 9.8 | 2025-08-01 | Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request. |
| CVE-2025-43243 | Critical | 9.8 | 2025-07-30 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app ma… |
| CVE-2025-25373 | Critical | 9.8 | 2025-03-25 | The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform. |
| CVE-2024-57520 | Critical | 9.8 | 2025-02-05 | Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is dispu… |
| CVE-2024-41647 | Critical | 9.8 | 2024-12-06 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a cra… |
| CVE-2024-10018 | Critical | 9.8 | 2024-10-16 | Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component. |
| CVE-2024-24117 | Critical | 9.8 | 2024-10-02 | Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check stat… |
| CVE-2024-6360 | Critical | 9.8 | 2024-10-02 | Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privi… |