CWE-1220: CWE-1220

CVE-2025-8049 is an access control vulnerability in OpenText Flipper that allows low-privilege users to escalate their privileges within the applicati...

This vulnerability allows a local malicious user with low privileges on Dell PowerProtect DD systems to escalate their privileges through improper acc...

This vulnerability allows a local malicious user with low privileges on Dell PowerProtect DD systems to escalate their privileges, potentially gaining...

This vulnerability allows a privileged attacker to execute arbitrary code at the System Management Mode (SMM) level by exploiting improper input valid...

This vulnerability allows a privileged user on affected Intel Xeon 6 Scalable processors to potentially escalate privileges via adjacent access due to...

This CVE describes a memory corruption vulnerability in Qualcomm's ADSP (Audio Digital Signal Processor) when handling memory allocation from the HLOS...

This vulnerability allows a privileged attacker to bypass System Management Mode (SMM) protections by exploiting improper input validation in SMM hand...

This vulnerability allows a privileged attacker to bypass System Management Mode (SMM) protections through improper input validation in the SMM handle...

This vulnerability in Drupal's Email Contact module allows attackers to bypass access controls through forceful browsing, potentially accessing restri...

An unauthenticated adjacent attacker can send crafted Ethernet frames to Cisco Nexus 3000/9000 Series Switches in standalone NX-OS mode, causing the d...

This vulnerability allows authenticated users in lunary-ai/lunary to delete prompts belonging to other organizations through ID manipulation. The appl...

This UEFI firmware vulnerability in certain Intel processors allows authenticated local users to potentially cause denial of service by exploiting ins...

This vulnerability in IBM Spectrum Fusion HCI allows attackers to perform unauthorized actions in RGW (RADOS Gateway) for Ceph due to improper bucket ...

This vulnerability allows users with developer role in GitLab to exfiltrate protected CI/CD variables via the CI lint feature. It affects GitLab Commu...

This vulnerability in Drupal Paragraphs table module allows attackers to spoof content by manipulating table data due to insufficient access controls....

This vulnerability in Outlook for Android allows attackers to elevate privileges within the app, potentially accessing sensitive data or performing un...

This vulnerability allows authenticated local attackers with CLI access to cause Cisco APIC devices to unexpectedly reload by issuing crafted commands...

This vulnerability allows authenticated GitLab users with specific permissions to remove all project runners from unrelated projects by manipulating G...

ChatLuck's guest user invitation system has insufficient access control, allowing uninvited users to register as guests. This affects all ChatLuck dep...

This vulnerability allows users to bypass IP-based access restrictions in GitLab, potentially exposing sensitive information they shouldn't have acces...

This vulnerability allows authenticated internal users in GitLab to bypass access controls and view internal projects they shouldn't have permission t...

This vulnerability in Cisco ISE allows authenticated read-only administrators to view sensitive passwords that should only be accessible to high-privi...

This vulnerability allows privileged GitLab users to access resource_group information through the API that should have been restricted. It affects Gi...

CVE-2025-8306 is an access control vulnerability in Asseco InfoMedica healthcare management software that allows low-privileged users to obtain encode...