CWE-281: CWE-281

Total CVEs: 88
Critical: 14
High: 52
Avg CVSS: 7.6

Yearly Trend

2026: 1
2025: 35
2024: 26
2023: 13
2022: 5

Top Affected Vendors

1. Apple: 14
2. Google: 6
3. Mozilla: 4
4. Fedoraproject: 3
5. Redhat: 3
6. Openatom: 3
7. Silabs: 3
8. Debian: 2
9. Zucchetti: 2
10. Jenkins: 2

All CWE-281 CVEs (88)

CVE-2024-56973
9.8

This vulnerability allows remote attackers to execute arbitrary code on Alvaria Unified IP Unified Director systems by exploiting insecure permissions...

Feb 14, 2025
CVE-2024-46622
9.8

This CVE describes an escalation of privilege vulnerability in SecureAge Security Suite that allows attackers to create, modify, and delete arbitrary ...

Jan 6, 2025
CVE-2024-55507
9.8

A privilege escalation vulnerability in CodeAstro Complaint Management System v1.0 allows remote attackers to gain administrative access via the delet...

Jan 3, 2025
CVE-2024-54465
9.8

This CVE describes a privilege escalation vulnerability in macOS where a malicious application could exploit a logic flaw in state management to gain ...

Dec 12, 2024
CVE-2024-41649
9.8

This CVE describes an insecure permissions vulnerability in ROS2 navigation2 that allows attackers to execute arbitrary code via a crafted script targ...

Dec 6, 2024
CVE-2024-41645
9.8

This CVE describes an insecure permissions vulnerability in ROS2 navigation2's nav2_amcl component that allows attackers to execute arbitrary code via...

Dec 6, 2024
CVE-2023-47463
9.8

This CVE describes an unauthenticated remote code execution vulnerability in GL.iNet AX1800 routers. Attackers can execute arbitrary code without auth...

Nov 30, 2023
CVE-2020-36070
9.8

This vulnerability allows remote attackers to upload malicious PHP files through Voyager's media component, leading to arbitrary code execution on aff...

Apr 26, 2023
CVE-2023-28668
9.8

The Jenkins Role-based Authorization Strategy Plugin vulnerability allows users to retain permissions even after they've been disabled in the system c...

Apr 2, 2023
CVE-2021-29971
9.8

This vulnerability in Firefox for Android allows any webpage running on the same host (regardless of scheme or port) to inherit permissions previously...

Aug 5, 2021
CVE-2020-18890
9.8

This vulnerability allows remote attackers to execute arbitrary code on puppyCMS v5.1 systems due to insecure file permissions in the admin functions....

May 6, 2021
CVE-2025-43698
9.1

This vulnerability allows attackers to bypass field-level security controls in Salesforce OmniStudio FlexCards, potentially accessing sensitive data t...

Jun 10, 2025
CVE-2024-46310
EPSS 77.5% 9.1

This vulnerability allows unauthenticated attackers to read and modify arbitrary user data in Cfx.re FXServer versions v9601 and earlier. Attackers ca...

Jan 13, 2025
CVE-2024-54880
9.1

SeaCMS V13.1 contains an incorrect access control vulnerability that allows attackers to bypass registration limits and create accounts in bulk. This ...

Jan 6, 2025
CVE-2025-25711
8.8

This vulnerability allows remote attackers to escalate privileges in dtp.ae tNexus Airport View version 2.8 by manipulating the ProfileID parameter in...

Mar 12, 2025
CVE-2024-53355
8.8

This CVE describes multiple incorrect access control vulnerabilities in EasyVirt DCScope and CO2Scope management software. Remote authenticated attack...

Jan 31, 2025
CVE-2023-42228
8.8

This vulnerability allows low-privileged users in Pat Infinite Solutions HelpdeskAdvanced to modify their own access control rules by accessing an adm...

Jan 13, 2025
CVE-2024-54818
8.8

CVE-2024-54818 is an incorrect access control vulnerability in SourceCodester Computer Laboratory Management System 1.0 that allows unauthorized acces...

Jan 8, 2025
CVE-2024-50930
8.8

This vulnerability in Silicon Labs Z-Wave Series 500 firmware allows attackers to execute arbitrary code on affected devices. It affects Z-Wave Series...

Dec 10, 2024
CVE-2023-41939
8.8

The Jenkins SSH2 Easy Plugin vulnerability allows users who previously had optional permissions (like Overall/Manage) to retain access to functionalit...

Sep 6, 2023
CVE-2023-34672
8.8

CVE-2023-34672 is an improper access control vulnerability in Elenos ETG150 FM transmitters running version 3.12 that allows attackers with admin prof...

Jun 23, 2023
CVE-2023-28161
8.8

This vulnerability allows temporary permissions granted to local HTML files (loaded via file: URLs) to persist across different local files in the sam...

Jun 2, 2023
CVE-2023-31923
8.8

This vulnerability allows authenticated attackers with 'User Operator' privileges in Suprema BioStar 2 to create new user accounts with full administr...

May 22, 2023
CVE-2022-22472
8.8

This vulnerability allows remote attackers to bypass IBM Spectrum Protect Plus role-based access controls by retrieving session information from conta...

Jun 30, 2022
CVE-2022-1227
8.8

CVE-2022-1227 is a privilege escalation vulnerability in Podman that allows attackers to gain host filesystem access when users run 'podman top' on ma...

Apr 29, 2022
CVE-2021-37086
8.6

This vulnerability in Huawei smartphones allows attackers to bypass UID sandbox isolation and read synchronization files from other applications. It a...

Dec 7, 2021
CVE-2024-56191
8.4

This vulnerability is an integer overflow in the Wi-Fi driver of Android devices that allows local privilege escalation without user interaction. Atta...

Mar 10, 2025
CVE-2024-40672
8.4

This vulnerability allows local attackers to bypass factory reset protections on Android devices, potentially wiping user data without proper authoriz...

Jan 28, 2025
CVE-2025-24337
8.4

CVE-2025-24337 allows local users on WriteFreely servers to read database credentials from the config.ini file when MySQL is used. This affects WriteF...

Jan 20, 2025
CVE-2023-43612
8.4

CVE-2023-43612 is a local privilege escalation vulnerability in OpenHarmony that allows attackers to read and write arbitrary files due to improper pe...

Nov 20, 2023
CVE-2022-43910
8.4

This vulnerability in IBM Security Guardium 11.3 allows local users to escalate their privileges due to improper permission controls. Attackers with l...

Jul 19, 2023
CVE-2023-6186
8.3

This vulnerability in LibreOffice allows attackers to execute built-in macros without user warnings by exploiting insufficient permission validation i...

Dec 11, 2023
CVE-2023-0975
8.2

A local privilege escalation vulnerability in Trellix Agent for Windows allows authenticated local users to replace executable files during installati...

Apr 3, 2023
CVE-2023-42231
8.1

This vulnerability in Pat Infinite Solutions HelpdeskAdvanced allows low-privileged users to delete administrator accounts by sending requests to the ...

Jan 13, 2025
CVE-2024-28746
8.1

This vulnerability in Apache Airflow allows authenticated users with limited permissions to access sensitive resources like variables and connections ...

Mar 14, 2024
CVE-2025-25871
8.0

A privilege escalation vulnerability in Open Panel v0.3.4 allows remote attackers to gain elevated privileges through the Fix Permissions function. Th...

Mar 14, 2025
CVE-2025-43026
7.8

A local privilege escalation vulnerability in HP Support Assistant allows attackers to write arbitrary files, potentially gaining elevated system priv...

Jun 5, 2025
CVE-2025-31184
7.8

This vulnerability allows malicious applications to bypass permission checks and gain unauthorized access to the local network on Apple devices. It af...

Mar 31, 2025
CVE-2025-30456
7.8

A directory path parsing vulnerability in Apple operating systems allows applications to escalate privileges to root. This affects macOS Ventura, iOS,...

Mar 31, 2025
CVE-2025-30449
7.8

A permissions vulnerability in macOS allows applications to escalate privileges to root level. This affects macOS Ventura, Sequoia, and Sonoma systems...

Mar 31, 2025
CVE-2024-56192
7.8

This vulnerability allows local privilege escalation on affected Android Pixel Watch devices through an out-of-bounds write in the Wi-Fi scanning comp...

Mar 10, 2025
CVE-2023-42867
7.8

This vulnerability in GarageBand allows malicious applications to bypass entitlement and Team ID validation, potentially gaining root privileges on ma...

Dec 20, 2024
CVE-2024-40828
7.8

This vulnerability allows a malicious application to gain root privileges on affected macOS systems. It affects macOS Monterey, Ventura, and Sonoma be...

Jul 29, 2024
CVE-2024-3289
7.8

This vulnerability allows local privilege escalation on Windows systems where Nessus is installed to a non-default directory. Attackers could exploit ...

May 17, 2024
CVE-2024-3291
7.8

This vulnerability allows local privilege escalation on Windows systems when Nessus Agent is installed to a non-default directory. Attackers could exp...

May 17, 2024
CVE-2022-29594
7.8

CVE-2022-29594 is a privilege escalation vulnerability in eG Agent versions before 7.2 due to weak file permissions. This allows local attackers to ga...

Jun 2, 2022
CVE-2022-0330
7.8

A memory access vulnerability in the Linux kernel's i915 GPU driver allows local attackers to execute malicious GPU code, potentially causing system c...

Mar 25, 2022
CVE-2021-0927
7.8

This vulnerability allows local attackers to bypass permission checks in Android's TV input manager service, potentially gaining elevated privileges w...

Dec 15, 2021
CVE-2021-0953
7.8

This vulnerability allows malicious apps to access contacts and browser history bookmarks without proper permissions by exploiting an unsafe PendingIn...

Dec 15, 2021
CVE-2020-27383
7.8

This CVE describes a local privilege escalation vulnerability in the Battle.net launcher where authenticated users can replace the Battle.net.exe file...

Jun 9, 2021

About CWE-281 (CWE-281)

Our database tracks 88 CVEs classified as CWE-281, with 14 rated critical and 52 rated high severity. The average CVSS score for CWE-281 vulnerabilities is 7.6.

External reference: View CWE-281 on MITRE CWE →
