CWE-267

Privilege Defined With Unsafe Actions

Parent: CWE-269 - Improper Privilege Management

A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

64 vulnerabilities with CWE-267
CVE-2026-6816 LOW
TFA Basic Plugins - Access Bypass
CVSS 3.8
CVE-2026-9560 HIGH
OpenVPN Connect < 3.8.1 - Privilege Defined With Unsafe Actions
CVSS 7.8
CVE-2026-42406 HIGH
F5 BIG-IP/BIG-IQ - Authenticated Privilege Escalation
CVSS 8.7
CVE-2026-29646 CRITICAL
OpenXiangShan NEMU <55295c4 - Privilege Escalation
CVSS 9.8
CVE-2026-27314 HIGH
Apache Cassandra: Privilege escalation via ADD IDENTITY authorization bypass
CVSS 8.8
CVE-2026-2460 HIGH
Hitachi Energy REB500 Firmware < 8.3.3.1 - Authenticated Directory Access and Modification via DAC Protocol
CVSS 8.1
CVE-2026-2459 HIGH
Hitachi Energy REB500 Firmware < 8.3.3.1 - Authenticated Directory Access and Modification
CVSS 8.1
CVE-2026-0945 HIGH
Drupal Role Delegation <1.5.0 - Privilege Escalation
CVSS 8.8
CVE-2026-23526 HIGH
CVAT <2.54.0 - Privilege Escalation
CVSS 8.8
CVE-2025-14349 HIGH
Universal Software Inc. FlexCity/Kiosk <1.0.36 - Privilege Escalation
CVSS 8.8
CVE-2025-13979 MEDIUM
Drupal Mini site < 3.0.2 - Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-53900 MEDIUM
Kiteworks MFT <9.1.0 - Privilege Escalation
CVSS 6.5
CVE-2025-62641 HIGH
Oracle VM VirtualBox <7.2.2 - Privilege Escalation
CVSS 8.2
CVE-2025-62591 MEDIUM
Oracle VM VirtualBox <7.2.2 - Privilege Escalation
CVSS 6.0
CVE-2025-62590 HIGH
Oracle VM VirtualBox <7.2.2 - Privilege Escalation
CVSS 8.2
CVE-2025-62589 HIGH
Oracle VM VirtualBox <7.2.2 - Privilege Escalation
CVSS 8.2
CVE-2025-62588 HIGH
Oracle VM VirtualBox <7.2.2 - Privilege Escalation
CVSS 8.2
CVE-2025-62587 HIGH
Oracle VM VirtualBox <7.2.2 - Privilege Escalation
CVSS 8.2
CVE-2025-62480 LOW
Oracle ZFS Storage Appliance Kit 8.8 - Partial Denial of Service in Naming Subsystem
CVSS 2.7
CVE-2025-62479 LOW
Oracle ZFS Storage Appliance Kit 8.8 - Authenticated Partial Denial of Service via HTTP
CVSS 2.7
CVE-2025-62289 MEDIUM
Oracle ZFS Storage Appliance Kit 8.8 - Denial of Service via HTTP
CVSS 4.9
CVE-2025-62288 MEDIUM
Oracle Health Sciences Data Management Workbench <3.4.1.0.10 - Unau...
CVSS 4.9
CVE-2025-61754 MEDIUM
Oracle Analytics Web Service API <8.2.0.0.0 - Unauthorized Access
CVSS 6.5
CVE-2025-53070 MEDIUM
Oracle Solaris 11 - Denial of Service in Filesystem
CVSS 5.5
CVE-2025-41244 HIGH KEV
VMware Aria Operations and VMware Tools - Local Privilege Escalation via SDMP
CVSS 7.8