Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-250

CWE-250

Medium likelihood

Execution with Unnecessary Privileges

Parent: CWE-269 - Improper Privilege Management

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

326 vulnerabilities with CWE-250

CVE-2026-47190 MEDIUM

IPAM controller service account granted unnecessary full access to Secrets

CVE-2026-12027 CRITICAL

Google Chrome < 149.0.7827.115 - Sandbox Escape via Headless Inappropriate Implementation

CVE-2026-11626 MEDIUM

Local Privilege Escalation in Symantec Endpoint Protection macOS CleanWipe Removal Tool

CVE-2026-50566 CRITICAL

Fission < 1.24.0 Environment Validation - Privileged Pod Creation

CVE-2026-50565 MEDIUM

Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container

CVE-2026-46618 MEDIUM

Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables

CVE-2026-46617 HIGH

Fission < 1.23.0 Runtime Pods - Service Account Token Exposure

CVE-2026-46748 HIGH

Siemens Sinec Ins < V1.0 SP2 Update 6 - Execution with Unnecessary Privileges

CVE-2026-11167 CRITICAL

Google Chrome < 149.0.7827.53 - Sandbox Escape via WebView

CVE-2026-10843 HIGH

Cloud-credential-operator: cco mint-mode credentialsrequest manifests grant account-wide iam access beyond cluster scope on aws

CVE-2026-42061 HIGH

Acronis DeviceLock Dlp < 9.0.15051.93227 - Execution with Unnecessary Privileges

CVE-2026-44477 CRITICAL

CloudNativePG Metrics Exporter - PostgreSQL Superuser Privilege Escalation

CVE-2026-3623 HIGH

Vulnerabilities exists in IBM Netezza Performance Server Replication Services

CVE-2026-8370 HIGH

Automic Automation Agent Unix privilege escalation

CVE-2026-29205 HIGH

cPanel 11.120.0.0-11.136.0.9 Arbitrary File Read via cpdavd

CVE-2026-32673 HIGH

F5 BIG-IP 16.1.0-21.1.0 - Authenticated Privilege Escalation via Scripted Monitors

CVE-2026-32643 HIGH

F5 BIG-IP/BIG-IQ - Authenticated Command Execution

CVE-2026-25710 HIGH

KDE plasma-login-manager - Privilege Escalation via plasmaloginauthhelper D-Bus Helper

CVE-2026-42833 CRITICAL

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

CVE-2026-40638 MEDIUM

Dell PowerScale InsightIQ < 6.3.0 or later - Execution with Unnecessary Privileges

CVE-2026-41900 HIGH

OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment

CVE-2026-42088 CRITICAL

OpenC3 COSMOS: Administrative Actions via the Script Runner Tool

CVE-2026-40550 MEDIUM

Privilege Escalation in mpGabinet

CVE-2026-25908 MEDIUM

Dell Alienware Command Center <6.13.8.0 - Privilege Escalation

CVE-2026-22008 LOW

Oracle Java SE 25.0.1 - Unauthenticated Data Manipulation

Page 1 of 14 Next

Details

Vulnerabilities 326

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy