Search

Blog Stats Labs CLI MCP API Limits About Privacy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Blog Statistics Labs CLI Tool MCP Server API Documentation Rate Limits About Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1220

CWE-1220

Insufficient Granularity of Access Control

Parent: CWE-284 - Improper Access Control

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

73 vulnerabilities with CWE-1220

CVE-2026-20107 MEDIUM

Cisco APIC - DoS

SEV firmware - Privilege Escalation

SEV firmware - Privilege Escalation

Cryptobox - Privilege Escalation

CVE-2024-4147 MEDIUM

lunary-ai/lunary <1.2.13 - Privilege Escalation

CVE-2025-11246 MEDIUM

GitLab CE/EE <18.5.5-18.7.1 - Privilege Escalation

Asseco InfoMedica - Info Disclosure

CVE-2025-20305 MEDIUM

Cisco ISE - Info Disclosure

CVE-2025-8053 CRITICAL

Opentext Flipper <3.1.2 - Privilege Escalation

CVE-2025-8049 HIGH

Opentext Flipper <3.1.2 - Privilege Escalation

CVE-2025-54461 MEDIUM

ChatLuck - Info Disclosure

CVE-2025-7493 CRITICAL

FreeIPA - Privilege Escalation

CVE-2024-21947 HIGH

System Management Mode - Memory Corruption

CVE-2025-31961 LOW

HCL Connections - Info Disclosure

CVE-2025-2498 LOW

Gitlab EE <18.0.6-18.2.2 - Auth Bypass

CVE-2025-22839 HIGH

Intel(R) Xeon(R) 6 Scalable - Privilege Escalation

CVE-2025-7001 MEDIUM

GitLab CE/EE <18.0.5-18.2.1 - Privilege Escalation

ServiceNow - Info Disclosure

CVE-2025-27026 MEDIUM

Infinera G42 R6.1.3 - Privilege Escalation

CVE-2025-4404 CRITICAL

FreeIPA - Privilege Escalation

CVE-2025-5982 LOW

GitLab EE <17.10.8-18.0.2 - Auth Bypass

CVE-2025-4979 MEDIUM

GitLab CE/EE <17.10.7-18.0.1 - Info Disclosure

CVE-2025-1110 LOW

Gitlab - Incorrect Authorization

CVE-2025-32703 MEDIUM

Microsoft Visual Studio 2017 < 15.9.73 - Information Disclosure

CVE-2025-1278 MEDIUM

GitLab CE/EE <17.9.8-17.11.2 - Auth Bypass

Page 1 of 3 Next

Details

Vulnerabilities 73

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy