CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,778 vulnerabilities with CWE-269
CVE-2025-53027 (HIGH, CVSS 8.2): Oracle VM VirtualBox 7.1.10 - Privilege Escalation
CVE-2025-53026 (MEDIUM, CVSS 6.0): Oracle VM VirtualBox 7.1.10 - Improper Privilege Management
CVE-2025-53025 (MEDIUM, CVSS 6.0): Oracle VM VirtualBox 7.1.10 - Unauthorized Data Access via Core Component
CVE-2025-53024 (HIGH, CVSS 8.2): Oracle VM VirtualBox 7.1.10 - Privilege Escalation in Core Component
CVE-2025-50069 (HIGH, CVSS 7.7): Oracle Database Server <21.18 - RCE
CVE-2025-50066 (LOW, CVSS 2.7): Oracle Database <23.8 - Privilege Escalation
CVE-2025-50065 (LOW, CVSS 3.7): Oracle GraalVM for JDK <24.0.1 - DoS
CVE-2025-50064 (MEDIUM, CVSS 4.8): Oracle WebLogic Server <14.1.2.0.0 - Privilege Escalation
CVE-2025-50062 (HIGH, CVSS 8.1): Oracle PeopleSoft Enterprise HCM Global Payroll Core 9.2.51-9.2.52 - Privilege Escalation
CVE-2025-50061 (MEDIUM, CVSS 5.4): Oracle Primavera P6 EPM 20.12.0-24.12.4 - Privilege Escalation
CVE-2025-7341 (CRITICAL, CVSS 9.1): HT Contact Form Widget < 2.2.1 - Unauthenticated Arbitrary File Deletion
CVE-2025-50124 (HIGH): Server <unknown> - Privilege Escalation
CVE-2025-5028 (MEDIUM): ESET Security Products - Privilege Escalation
CVE-2025-6759 (HIGH, CVSS 7.8): Citrix Virtual Apps and Desktops - Local Privilege Escalation to SYSTEM via Windows Virtual Delivery Agent
CVE-2025-43019 (HIGH, CVSS 7.8): HP Support Assistant - Privilege Escalation
CVE-2025-24006 (HIGH, CVSS 7.8): CHARX SEC-3000/3050/3100/3150 Firmware < 1.7.3 - Privilege Escalation via SSH Insecure Permissions
CVE-2025-6943 (LOW, CVSS 3.8): Delinea Secret Server < 11.7.000060 - SQL Report Creation Privilege Escalation
CVE-2025-36630 (HIGH, CVSS 8.4): Tenable Nessus < 10.8.5 - Arbitrary File Write via Log File Overwrite
CVE-2025-6934 (CRITICAL, CVSS 9.8): Opal Estate Pro - Property Management and Submission <=1.7.5 - Privilege Escalation
CVE-2025-53003 (HIGH): jans-config-api-server < 1.8.0 - Unauthenticated Exposure of Sensitive Information via Missing Scope Verification
CVE-2025-45737 (MEDIUM, CVSS 6.5): NeacSafe64 < 1.0.0.8 - Privilege Escalation via IOCTL Command
CVE-2025-52555 (MEDIUM, CVSS 6.5): Ceph <19.2.2 - Privilege Escalation
CVE-2025-37101 (HIGH, CVSS 8.7): HPE OneView for VMware vCenter - Privilege Escalation
CVE-2025-4334 (CRITICAL, CVSS 9.8): Simple User Registration < 6.3 - Unauthenticated Privilege Escalation via User Meta Manipulation
CVE-2025-20282 (CRITICAL, CVSS 10.0): Cisco Identity Services Engine and ISE-PIC - Unauthenticated Arbitrary File Upload and Remote Code Execution