CWE-269: Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control.
All Improper Privilege Management CVEs (830)
Sep 10, 2024: Dell PowerScale InsightIQ version 5.1 contains an improper privilege management vulnerability that allows a high-privileged attacker with local access...
Jul 2, 2024: Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability that allows a local high-privilege attac...
May 14, 2024: This vulnerability allows local attackers with existing user privileges to escalate to administrator privileges through arbitrary code execution durin...
May 6, 2024: This vulnerability in ATF SPM allows attackers to remap physical memory to virtual memory due to a logic error, enabling local privilege escalation. I...
Jun 10, 2025: This CVE describes an improper privilege management vulnerability in multiple Fortinet products where authenticated users with read-only admin permiss...
Oct 16, 2024: This vulnerability allows attackers to escalate privileges in Rancher when RoleTemplate objects have external=true. Attackers could gain higher permis...
Sep 23, 2024: CVE-2024-44540 allows attackers with physical access to Ubiquiti AirMax devices to gain privileged command shell access via the UART debugging port. T...
Sep 23, 2024: This vulnerability in Entrust Instant Financial Issuance (formerly Cardwizard) allows attackers to decrypt passwords using static hard-coded AES keys,...
Dec 26, 2025: This vulnerability involves inadequate permission management for camera guest accounts in Hanwha Vision cameras, allowing unauthorized access to sensi...
Dec 17, 2025: This vulnerability allows authenticated users of HiSecOS 04.0.01 to escalate their privileges to administrative level by sending crafted XML payloads ...
Nov 11, 2025: This vulnerability in Intel CIP software allows unprivileged authenticated users to potentially access sensitive information they shouldn't have acces...
Oct 21, 2025: A local privilege escalation vulnerability in Oracle VM VirtualBox allows authenticated attackers with low privileges on the host system to access sen...
Oct 14, 2025: Creativeitem Academy LMS versions up to 5.13 contain a privilege escalation vulnerability where authenticated users can access instructor-only functio...
Oct 10, 2025: CVE-2025-61152 is a JWT authentication bypass vulnerability in python-jose that allows attackers to forge tokens with 'alg=none' and bypass signature ...
Sep 19, 2025: CVE-2025-57396 is a privilege escalation vulnerability in Tandoor Recipes where any authenticated user can modify their profile to gain administrative...
Jul 18, 2025: A privilege escalation vulnerability in Keycloak allows administrative users with the manage-users role to elevate their privileges to realm-admin whe...
Jun 27, 2025: This vulnerability allows attackers to escalate privileges by sending crafted IOCTL commands to the NeacSafe64.sys driver component. It affects system...
May 2, 2025: The MStore API WordPress plugin allows unauthenticated attackers to register accounts with 'wcfm_vendor' privileges when the WCFM Marketplace plugin i...
Nov 7, 2024: A GitHub App installed in organizations could escalate permissions from read to write access without administrator approval. This vulnerability affect...
Oct 23, 2024: This vulnerability allows authenticated administrators in Cisco Secure Firewall Management Center to execute arbitrary commands as root via crafted HT...
Oct 7, 2024: A privilege escalation vulnerability in Solvait version 24.4.2 allows attackers to bypass approval workflows by manipulating Request ID and Action Typ...
Jul 19, 2024: This vulnerability in HP Display Control software allows local attackers to escalate privileges on affected systems. It affects HP computers with the ...
Jul 16, 2024: This CVE appears to reference a vulnerability in Rockwell Automation FactoryTalk Policy Manager where improper privilege management (CWE-269) could al...
Jun 20, 2024: The Depicter WordPress plugin allows authenticated attackers with contributor-level access or higher to generate valid nonces for any WordPress action...
Jun 4, 2024: This vulnerability allows authenticated attackers on Zyxel NAS devices to view administrator session information including cookies via the 'show_allse...
May 2, 2024: The Jenkins Git server Plugin vulnerability allows attackers with a previously configured SSH public key but lacking Overall/Read permission to access...
Dec 9, 2022: CVE-2022-4264 is an incorrect privilege assignment vulnerability in M-Files Web (Classic) that allows low-privilege users to modify certain system con...
Mar 11, 2025: A privilege management vulnerability in ZTE GoldenDB allows authenticated users to escalate their privileges beyond intended levels. This affects Gold...
Jan 7, 2025: CVE-2025-22621 is an improper access control vulnerability in Splunk App for SOAR where following the official documentation's recommendation to add t...
Aug 2, 2024: This vulnerability in Harbor container registry allows authenticated users to modify system configurations due to incorrect permission validation. It ...
Dec 2, 2025: The ELEX WordPress HelpDesk plugin has a privilege escalation vulnerability that allows authenticated users with Contributor-level access or higher to...
Dec 19, 2025: A privilege escalation vulnerability in Hikvision DVR/NVR devices allows attackers with physical access to gain unrestricted shell access via the seri...
Dec 3, 2025: This vulnerability allows local users on macOS systems to escalate privileges to root by exploiting an unauthenticated XPC service in Plugin Alliance ...
Dec 3, 2025: A local privilege escalation vulnerability in Plugin Alliance InstallationHelper service allows local users to inject malicious dynamic libraries via ...
Feb 11, 2026: A macOS privilege escalation vulnerability allows attackers with root access to delete protected system files, potentially causing system instability ...
Oct 21, 2025: This vulnerability in Oracle VM VirtualBox allows a high-privileged attacker with local access to the host system to access sensitive data from the vi...
Jul 15, 2025: This vulnerability in Oracle VM VirtualBox 7.1.10 allows a high-privileged attacker with local access to the host system to access sensitive data from...
Jul 15, 2025: This vulnerability in Oracle VM VirtualBox allows a high-privileged attacker with local access to the host system to access sensitive data from the vi...
Nov 5, 2024: This CVE describes an input parameter verification vulnerability in Huawei background service modules. Attackers could exploit insufficient input vali...
Mar 25, 2025: CVE-2022-1804 is a privilege escalation vulnerability in accountsservice where the service fails to drop elevated permissions when writing to .pam_env...
Mar 17, 2025: Dell SmartFabric OS10 Software contains an improper privilege management vulnerability (CWE-269) where a low-privileged attacker with local access cou...
Mar 14, 2025: A privilege escalation vulnerability in Open Panel v0.3.4 allows remote attackers to gain elevated privileges through the Fix Permissions function. Th...
Mar 10, 2025: This vulnerability allows a malicious app to modify other applications without proper App Management permission on Apple devices. It affects iOS, iPad...
Feb 5, 2025: CVE-2025-24805 is an improper privilege management vulnerability in Mobile Security Framework (MobSF) where local users with minimal privileges can mi...
Jan 30, 2025: A vulnerability in the NetExtender Windows client's log export function allows unauthorized access to sensitive Windows system files. This could enabl...
Jun 12, 2024: A privilege escalation vulnerability in Palo Alto Networks Cortex XDR agent on Windows allows low-privileged local users to disable the endpoint prote...
Nov 28, 2025: CVE-2025-59790 is an improper privilege management vulnerability in Apache Kvrocks that could allow authenticated users to escalate privileges beyond ...
Jul 15, 2025: This vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management allows authenticated attackers with low privileges to perform unauth...
Apr 27, 2025: This vulnerability in GoldenDB database allows attackers to bypass privilege restrictions through request manipulation, enabling unauthorized content ...
Mar 11, 2025: An improper privilege management vulnerability in ZTE GoldenDB allows authenticated users to escalate their privileges beyond intended levels. This af...
About Improper Privilege Management (CWE-269)
Our database tracks 830 CVEs classified as CWE-269, with 177 rated critical and 563 rated high severity. The average CVSS score for Improper Privilege Management vulnerabilities is 8.1.
External reference: CWE-269 on MITRE CWE.