CWE-276

Total CVEs: 426
Critical: 59
High: 273
Avg CVSS: 7.6

Yearly Trend

2026: 30
2025: 139
2024: 124
2023: 57
2022: 30

Top Affected Vendors

1 Google 38
2 Apple 25
3 Huawei 15
4 Intel 13
5 Dell 10
6 AMD 6
7 Oracle 5
8 Ivanti 5
9 Juniper 5
10 Debian 4

All CWE-276 CVEs (426)

CVE-2024-57548
9.1

CMSimple 5.16 contains a broken access control vulnerability that allows authenticated users to edit the log.php file via the print page functionality...

Jan 27, 2025
CVE-2024-55959
9.1

CVE-2024-55959 is an insecure permissions vulnerability in Northern.tech Mender Client that allows local users to escalate privileges or modify system...

Jan 21, 2025
CVE-2024-46505
9.1

Infoblox BloxOne v2.4 contains a business logic flaw in its thick client that could allow attackers to bypass intended security controls. This affects...

Jan 9, 2025
CVE-2019-20457
9.1

This vulnerability allows unauthenticated attackers to retrieve the MD5 hash of the printer's web interface password through failed login attempts. At...

Nov 7, 2024
CVE-2024-30415
9.1

This CVE describes an improper permission control vulnerability in the window management module of Huawei/HarmonyOS devices. Successful exploitation a...

Apr 7, 2024
CVE-2022-34737
9.1

CVE-2022-34737 is a critical permission assignment vulnerability in Huawei's application security module that allows attackers to bypass intended acce...

Jul 12, 2022
CVE-2021-39635
9.1

CVE-2021-39635 is a critical privilege escalation vulnerability in the ims_ex system service on Unisoc-powered Android devices. It allows unprivileged...

Feb 11, 2022
CVE-2021-44140
9.1

CVE-2021-44140 is a critical vulnerability in Apache JSPWiki that allows remote attackers to delete arbitrary files on the server by sending a special...

Nov 24, 2021
CVE-2021-31217
9.1

This vulnerability in SolarWinds DameWare Mini Remote Control Server allows attackers with local access to delete files with SYSTEM privileges due to ...

Jul 13, 2021
CVE-2025-10314
8.8

This vulnerability allows a local attacker to replace service executable files or DLLs in the FREQSHIP-mini installation directory with malicious file...

Feb 5, 2026
CVE-2021-47852
8.8

Rockstar Games Launcher version 1.0.37.349 has insecure file permissions on its RockstarService.exe that allow authenticated users to replace it with ...

Jan 21, 2026
CVE-2025-62577
8.8

ETERNUS SF storage management software contains an incorrect default permissions vulnerability that allows low-privileged users to access database cre...

Oct 20, 2025
CVE-2025-24399
8.8

This vulnerability allows attackers to bypass authentication on Jenkins instances by exploiting case-insensitive username matching. Attackers can log ...

Jan 22, 2025
CVE-2024-46624
8.8

This vulnerability in InfoDom Performa 365 allows authenticated attackers to escalate their privileges to Administrator by sending a crafted payload t...

Dec 3, 2024
CVE-2024-11969
8.8

CVE-2024-11969 is an insecure file permissions vulnerability in NetCloud Exchange client for Windows that allows any local user to gain full control o...

Nov 28, 2024
CVE-2024-51162
8.8

A privilege escalation vulnerability in Audimex EE allows any authenticated user to dump the entire database, exposing password hashes, audit data, an...

Nov 20, 2024
CVE-2024-48292
8.8

This vulnerability in QuickHeal Antivirus allows authenticated attackers to escalate privileges through the wssrvc.exe service. Attackers with standar...

Nov 18, 2024
CVE-2024-42028
8.8

A local privilege escalation vulnerability in UniFi Network Application allows authenticated local users to execute high-privilege actions on the UniF...

Oct 28, 2024
CVE-2024-47014
8.8

This vulnerability allows local attackers to escalate privileges on Google Pixel devices by exploiting a flaw in the ABL (Android Boot Loader) compone...

Oct 25, 2024
CVE-2024-48822
8.8

This vulnerability allows remote attackers to escalate privileges in Automatic Systems Maintenance SlimLane software via the FtpConfig.php page. Attac...

Oct 14, 2024
CVE-2024-39924
8.8

This vulnerability allows an attacker with emergency access to a Vaultwarden vault to escalate privileges from read-only to full control. By exploitin...

Sep 13, 2024
CVE-2024-42681
8.8

CVE-2024-42681 is an insecure permissions vulnerability in xxl-job v2.4.1 that allows remote attackers to execute arbitrary code via the Sub-Task ID c...

Aug 15, 2024
CVE-2024-6148
8.8

This vulnerability allows attackers to bypass GACS (Gateway Authentication and Control Service) policy configurations in Citrix Workspace app for HTML...

Jul 10, 2024
CVE-2024-3904
8.8

This vulnerability allows local attackers to execute arbitrary code on Mitsubishi Electric MELIPC Series MI5122-VW devices by placing malicious files ...

Jul 4, 2024
CVE-2021-3187
8.8

This vulnerability allows authenticated, unprivileged users on macOS systems to elevate their privileges to root during software installation. It affe...

Dec 11, 2023
CVE-2023-47250
8.8

This vulnerability in m-privacy TightGate-Pro Server allows authenticated attackers with VNC session access to bypass access controls on X11 server so...

Nov 22, 2023
CVE-2023-43496
8.8

This vulnerability in Jenkins allows attackers with access to the system temporary directory to replace plugin files during installation from a URL, p...

Sep 20, 2023
CVE-2023-4664
8.8

Saphira Connect versions before 9 have incorrect default permissions that allow local users to escalate privileges. This vulnerability affects all sys...

Sep 15, 2023
CVE-2023-22951
8.8

CVE-2023-22951 is an authentication bypass vulnerability in TigerGraph Enterprise Free Edition where an internal authentication token is stored in a r...

Apr 13, 2023
CVE-2023-25355
8.8

CVE-2023-25355 is an insecure permissions vulnerability in CoreDial sipXcom that allows privilege escalation. Users with daemon-level command executio...

Apr 4, 2023
CVE-2021-34164
8.8

This vulnerability in LIZHIFAKA v2.2.0 allows authenticated attackers to execute arbitrary commands through the set password function in the admin int...

Feb 17, 2023
CVE-2021-41635
8.8

CVE-2021-41635 is a privilege escalation vulnerability in MELAG FTP Server 2.2.0.4, where the service runs as SYSTEM on Windows, allowing remote attac...

Jun 24, 2022
CVE-2022-29376
8.8

XAMPP for Windows versions 8.1.4 and below have insecure default permissions on their installation directory, allowing attackers with local access to ...

May 23, 2022
CVE-2022-28999
8.8

CVE-2022-28999 is an insecure permissions vulnerability in Dev-C++ 4.9.9.2 that allows attackers to overwrite the devcpp.exe binary with malicious cod...

May 23, 2022
CVE-2021-40904
8.8

CVE-2021-40904 allows remote code execution through the CheckMK web management console by exploiting a misconfiguration in the default Dokuwiki instal...

Mar 25, 2022
CVE-2021-40388
8.8

This vulnerability allows local attackers to escalate privileges to SYSTEM authority on Windows systems running Advantech SQ Manager Server 1.0.6 by r...

Jan 28, 2022
CVE-2021-40396
8.8

This CVE describes a local privilege escalation vulnerability in Advantech DeviceOn/iService 1.1.7 where an attacker can replace system files with mal...

Jan 28, 2022
CVE-2021-45335
8.8

This vulnerability in Avast Antivirus allows local users to manipulate the sandbox component's permissions to control scan outcomes, potentially evadi...

Dec 27, 2021
CVE-2021-42098
8.8

This vulnerability in Devolutions Remote Desktop Manager allows attackers to bypass permission checks via batch custom PowerShell scripts. Attackers c...

Oct 18, 2021
CVE-2020-5353
8.8

This vulnerability allows attackers to spoof their UID over NFS to gain write access to the admin home directory on affected Dell Isilon/PowerScale sy...

Jul 29, 2021
CVE-2020-28906
8.8

This vulnerability allows low-privileged users in Nagios XI and Nagios Fusion to modify files that are later executed with root privileges, enabling p...

May 24, 2021
CVE-2025-8432
8.4

This vulnerability allows a CentreonBI user account to embed scripts within scripts on the MBI server due to incorrect default permissions. It affects...

Oct 27, 2025
CVE-2021-27285
8.4

This vulnerability in Inspur ClusterEngine v4.0 allows attackers to escalate local privileges and execute arbitrary commands via the getJobsByShell bi...

Jan 6, 2025
CVE-2023-50975
8.4

This vulnerability in TD Bank's TD Advanced Dashboard client for macOS allows arbitrary code execution because the application doesn't disable the ELE...

Feb 21, 2024
CVE-2023-7235
8.4

This vulnerability allows attackers to replace OpenVPN binaries with malicious executables when OpenVPN is installed to a non-standard directory. It a...

Feb 21, 2024
CVE-2023-44194
8.4

An incorrect default permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to create a backdoor ...

Oct 13, 2023
CVE-2023-3440
8.4

CVE-2023-3440 is an incorrect default permissions vulnerability in Hitachi JP1/Performance Management on Windows that allows file manipulation. A...

Oct 3, 2023
CVE-2022-25776
8.3

CVE-2022-25776 is an authorization bypass vulnerability in Mautic where authenticated users can access unauthorized application areas. This allows una...

Sep 18, 2024
CVE-2025-32091
8.2

Incorrect default permissions in firmware for Intel Arc B-series GPUs allow local attackers with existing privileged access to escalate privileges via...

Nov 11, 2025
CVE-2024-45067
8.2

This vulnerability in Intel Gaudi software installers allows authenticated local users to escalate privileges due to incorrect default file permission...

May 14, 2025

About CWE-276

Our database tracks 426 CVEs classified as CWE-276, with 59 rated critical and 273 rated high severity. The average CVSS score for CWE-276 vulnerabilities is 7.6.
