CWE-280: CWE-280
All CWE-280 CVEs (58)
CVE-2023-28114 is a vulnerability in cilium-cli versions before 0.13.2 that removes user permission enforcement on etcd stores when configuring cluste...
Mar 22, 2023

Mastodon's streaming server incorrectly allows OAuth clients with valid authentication tokens to subscribe to public timeline events even when those t...
Oct 13, 2025

This vulnerability allows authorized ZooKeeper clients to execute snapshot and restore commands without proper permission checks. It affects Apache Zo...
Sep 24, 2025

This CVE-2025-59040 vulnerability in Tuleap allows users to see tracker names they shouldn't have access to due to improper permission verification in...
Sep 18, 2025

This vulnerability allows software running inside a guest virtual machine to make improper GPU system calls that can block other guest VMs from access...
Jun 27, 2025

Appsmith versions before 1.51 allow users with 'App Viewer' permissions to list datasources in workspaces they're invited to, which constitutes an inf...
Mar 25, 2025

This vulnerability in Tuleap allows users to see tracker names they should not have access to due to improper handling of permissions. It affects all ...
Oct 14, 2024

Dell PowerScale OneFS versions 8.2.x through 9.5.0.x contain an improper permission handling vulnerability that allows low-privileged remote attackers...
Nov 2, 2023

About CWE-280 (CWE-280)
Our database tracks 58 CVEs classified as CWE-280, with 5 rated critical and 36 rated high severity. The average CVSS score for CWE-280 vulnerabilities is 7.2.
External reference: View CWE-280 on MITRE CWE →