CVE & Exploit Intelligence Database

CVE-2026-20126 8.8 HIGH EPSS 0.00

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this vulnerability by sending a request to the REST API of the affected system. A successful exploit could allow the attacker to gain root privileges on the underlying operating system.

CWE-648 Feb 25, 2026

CVE-2026-20122 5.4 MEDIUM EXPLOITED EPSS 0.00

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.

CWE-648 Feb 25, 2026

CVE-2026-22922 6.5 MEDIUM EPSS 0.00

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this issue.

CWE-648 Feb 09, 2026

CVE-2025-1161 7.1 HIGH EPSS 0.00

Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation.This issue affects Nomysem: through May 2025.

CWE-648 Dec 10, 2025

CVE-2025-63291 5.4 MEDIUM EPSS 0.00

When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the specified MongoDB object ID. By specifying particlar MongoDB object IDs, callers could obtain records for other users without proper authorization. Records retrievable using this attack included administrative API keys and private studio api keys.

CWE-639 Nov 14, 2025

CVE-2024-32008 7.8 HIGH EPSS 0.00

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to an exposed debug interface on the localhost. This allows any local user to gain code execution as administrative application user.

CWE-648 Nov 11, 2025

CVE-2025-54769 8.8 HIGH 2 PoCs Analysis EPSS 0.05

An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.

CWE-648 Jul 29, 2025

CVE-2025-54768 5.3 MEDIUM EPSS 0.00

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive information.

CWE-648 Jul 29, 2025

CVE-2025-54767 6.5 MEDIUM EPSS 0.00

An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user.

CWE-648 Jul 29, 2025

CVE-2025-54766 5.3 MEDIUM EPSS 0.00

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information.

CWE-648 Jul 29, 2025

CVE-2025-54765 5.3 MEDIUM EPSS 0.00

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the appliance, to include granting themselves administrative level permissions.

CWE-648 Jul 29, 2025

CVE-2025-5997 8.8 HIGH EPSS 0.00

Incorrect Use of Privileged APIs vulnerability in Beamsec PhishPro allows Privilege Abuse.This issue affects PhishPro: before 7.5.4.2.

CWE-648 Jul 28, 2025

CVE-2025-7344 8.8 HIGH EPSS 0.00

The EAI developed by Digiwin has a Privilege Escalation vulnerability, allowing remote attackers with regular privileges to elevate their privileges to administrator level via a specific API.

CWE-648 Jul 21, 2025

CVE-2025-23375 7.8 HIGH EPSS 0.00

Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CWE-648 Apr 28, 2025

CVE-2022-26323 EPSS 0.00

Incorrect Use of Privileged APIs vulnerability in OpenText™ Operations Bridge Manager, OpenText™ Operations Bridge Suite (Containerized), OpenText™ UCMDB ( Classic and Containerized) allows Privilege Escalation.  The vulnerability could allow authenticated attackers to elevate user privileges. This issue affects Operations Bridge Manager: through 2021.05; Operations Bridge Suite (Containerized): through 2021.05; UCMDB ( Classic and Containerized): through 2021.05.

CWE-648 Apr 17, 2025

CVE-2025-2311 9.0 CRITICAL EPSS 0.00

Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring.This issue affects SecHard: before 3.3.0.20220411.

CWE-319 Mar 20, 2025

CVE-2025-0589 5.3 MEDIUM EPSS 0.00

In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated user to make an API request against two endpoints which would retrieve some data from the associated Active Directory. The requests when crafted correctly would return specific information from user profiles (Email address/UPN and Display name) from one endpoint and group information ( Group ID and Display name) from the other. This vulnerability does not expose data within the Octopus Server product itself.

CWE-648 Feb 11, 2025

CVE-2024-53007 6.4 MEDIUM EPSS 0.00

Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call.

CWE-648 Jan 31, 2025

CVE-2024-8785 9.8 CRITICAL EPSS 0.06

In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\.

CWE-648 Dec 02, 2024

CVE-2024-11068 9.8 CRITICAL EPSS 0.01

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account.

CWE-648 Nov 11, 2024