Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1220

CWE-1220

Insufficient Granularity of Access Control

Parent: CWE-284 - Improper Access Control

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

85 vulnerabilities with CWE-1220

CVE-2025-3648 HIGH

ServiceNow Now Platform - Unauthenticated Data Inference via Range Query Requests

CVE-2025-27026 MEDIUM

Infinera G42 R6.1.3 - Privilege Escalation

CVE-2025-4404 CRITICAL

Red Hat Enterprise Linux - Privilege Escalation via FreeIPA krbCanonicalName Uniqueness Bypass

CVE-2025-5982 LOW

GitLab EE <17.10.8-18.0.2 - Auth Bypass

CVE-2025-4979 MEDIUM

GitLab CE/EE <17.10.7-18.0.1 - Info Disclosure

CVE-2025-1110 LOW

GitLab 18.0 - Insufficient Granularity of Access Control via GraphQL Query

CVE-2025-32703 MEDIUM

Visual Studio 2017, 2019, 2022 - Information Disclosure via Insufficient Access Control

CVE-2025-1278 MEDIUM

GitLab CE/EE <17.9.8-17.11.2 - Auth Bypass

CVE-2025-31201 CRITICAL KEV

macOS < 15.4.1 - Pointer Authentication Bypass via Insufficient Access Control

CVE-2025-2408 MEDIUM

GitLab CE/EE <17.8.7-17.10.4 - Auth Bypass

CVE-2025-29987 HIGH

Dell PowerProtect Data Domain <8.3.0.15 - Privilege Escalation

CVE-2025-20111 HIGH

Cisco NX-OS Software - Unauthenticated Denial of Service via Crafted Ethernet Frames

CVE-2024-21962 HIGH

AMD EPYC 4005 Series Processors - Privilege Escalation and Arbitrary Code Execution via AMD RAID Driver

CVE-2024-4147 MEDIUM

lunary-ai/lunary <1.2.13 - Privilege Escalation

CVE-2024-21947 HIGH

System Management Mode - Memory Corruption

CVE-2024-33058 HIGH

Memory Corruption - Buffer Overflow

CVE-2024-12619 MEDIUM

GitLab CE/EE <17.8.6-17.10.1 - Privilege Escalation

CVE-2024-6696 MEDIUM

Hitachi Vantara Pentaho <10.2.0.0-9.3.0.9 - Info Disclosure

CVE-2024-39279 MEDIUM

Intel(R) processors - Authenticated Denial of Service via UEFI Firmware Access Control

CVE-2024-21971 MEDIUM

AMD Ryzen 5000 and 7000 Series Desktop Processors - Denial of Service via AMD Crash Defender Input Validation

CVE-2024-53295 HIGH

Dell PowerProtect DD <8.3.0.0-7.13.1.20 - Privilege Escalation

CVE-2024-11931 MEDIUM

GitLab CE/EE <17.6.4-17.7.3-17.8.1 - Info Disclosure

CVE-2024-13272 MEDIUM

Drupal Paragraphs <2.0.2 - Info Disclosure

CVE-2024-13256 HIGH

Drupal Email Contact <2.0.4 - Info Disclosure

CVE-2024-52814 LOW

Argo Helm <0.45.0 - Privilege Escalation

Previous Page 2 of 4 Next

Details

Vulnerabilities 85

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy