CWE-270

Total CVEs: 10
Critical: 3
High: 4
Avg CVSS: 8.0

Yearly Trend

2026: 1
2025: 3
2024: 4
2023: 2

Top Affected Vendors

1. GitLab: 2
2. Fortinet: 1
3. Sangoma: 1
4. Microsoft: 1
5. Apache: 1
6. XWiki: 1
7. Zephyrproject: 1

All CWE-270 CVEs (10)

CVE-2023-37912 (CVSS 9.9, Oct 25, 2023)

This vulnerability in XWiki's footnote macro allows privilege escalation from a standard user account to programming rights, leading to remote code ex...

CVE-2023-25754 (CVSS 9.8, May 8, 2023)

CVE-2023-25754 is a privilege context switching error in Apache Airflow that allows authenticated users to execute arbitrary code with elevated privil...

CVE-2024-11263 (CVSS 9.3, Nov 15, 2024)

This vulnerability in RISC-V systems with Global Pointer relative addressing enabled allows attackers to manipulate memory addressing, potentially lea...

CVE-2024-36513 (CVSS 8.2, Nov 12, 2024)

This vulnerability in FortiClient for Windows allows authenticated users to escalate privileges through Lua auto patch scripts. It affects FortiClient...

CVE-2025-9408 (CVSS 8.1, Nov 11, 2025)

A race condition in system call entry on Cortex-M processors allows malicious userspace processes to escalate privileges and execute arbitrary code wi...

CVE-2025-60721 (CVSS 7.8, Nov 11, 2025)

This vulnerability allows an authorized attacker with local access to a Windows system to elevate privileges by exploiting a privilege context switchi...

CVE-2025-55210 (CVSS 7.5, Feb 12, 2026)

This vulnerability allows authenticated users with REST/GraphQL API access in FreePBX to escalate privileges by forging JWTs using the api-oauth.key p...

CVE-2024-12570 (CVSS 6.7, Dec 12, 2024)

This vulnerability allows an attacker who obtains a victim's CI_JOB_TOKEN to potentially steal the victim's GitLab session token. This affects GitLab ...

CVE-2024-8641 (CVSS 6.7, Sep 12, 2024)

This vulnerability allows an attacker who obtains a victim's CI_JOB_TOKEN to potentially steal the victim's GitLab session token. This affects GitLab ...

CVE-2025-26499 (CVSS 6.0, Sep 11, 2025)

A race condition vulnerability in authentication/token refresh operations under heavy system load can cause user impersonation. When two users concurr...

About CWE-270

Our database tracks 10 CVEs classified as CWE-270, with 3 rated critical and 4 rated high severity. The average CVSS score for CWE-270 vulnerabilities is 8.0.

External reference: View CWE-270 on MITRE CWE →
