CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,820 vulnerabilities with CWE-269
CVE-2025-27639 HIGH
Vasion Print < 20.0.2614 and Virtual Appliance < 22.0.1002 - Privilege Escalation
CVSS 8.8
CVE-2025-1425 MEDIUM
PocketBook InkPad Color 3 - Privilege Escalation
CVE-2025-1424 HIGH
PocketBook InkPad Color 3 <U743k3.6.8.3671 - Privilege Escalation
CVE-2025-1295 HIGH
Templines Elementor Helper Core <2.7 - Privilege Escalation
CVSS 8.8
CVE-2025-0893 HIGH
Symantec Diagnostic Tool <3.0.79 - Privilege Escalation
CVSS 7.8
CVE-2025-0327 HIGH
Windows Services - Privilege Escalation
CVSS 7.8
CVE-2025-25202 MEDIUM
Ash Authentication <4.1.0 - Info Disclosure
CVSS 6.5
CVE-2025-0180 CRITICAL
WP Foodbakery <3.3 - Privilege Escalation
CVSS 9.8
CVE-2025-23093 HIGH
Mitel OpenScape 4000 - Privilege Escalation
CVSS 8.8
CVE-2025-24805 MEDIUM
Mobile Security Framework < 4.3.1 - Improper Privilege Management via Access Token
CVSS 5.5
CVE-2025-22220 MEDIUM
VMware Aria Operations for Logs - Privilege Escalation
CVSS 4.3
CVE-2025-23007 MEDIUM
SonicWall NetExtender - Privilege Escalation via Log Export Function
CVSS 5.5
CVE-2025-0834 HIGH
Wondershare Dr.Fone <13.5.21 - Privilege Escalation
CVSS 7.8
CVE-2025-24353 MEDIUM
Directus < 11.2.0 - Improper Privilege Management via Share Feature
CVSS 5.0
CVE-2025-0651 HIGH
Cloudflare WARP <20 - Privilege Escalation
CVSS 7.1
CVE-2025-23208 HIGH
zot < 2.1.2 - Improper Privilege Management via Group Membership Append
CVSS 7.3
CVE-2025-21360 HIGH
Microsoft AutoUpdate < 4.76 - Elevation of Privilege
CVSS 7.8
CVE-2025-21343 HIGH
Windows 11 22H2-24H2 - Information Disclosure in Web Threat Defense User Service
CVSS 7.5
CVE-2025-21287 HIGH
Windows 10 1507-24H2 and Windows Server 2008-2012 - Elevation of Privilege via Windows Installer
CVSS 7.8
CVE-2025-22621 MEDIUM
Splunk App SOAR <1.0.67 - Privilege Escalation
CVSS 6.4
CVE-2024-38487 HIGH
Dell EMC VxRail Appliance < 7.0.520 - Improper Privilege Management
CVSS 7.0
CVE-2024-44250 HIGH
Apple macOS <15.1 - Privilege Escalation
CVSS 8.2
CVE-2024-50619 HIGH
CIPPlanner CIPAce < 9.17 - Authenticated Privilege Escalation via User ID Tampering
CVSS 8.8
CVE-2024-13997 HIGH
Nagios XI < 2024R1.1.3 - Authenticated Privilege Escalation via Migrate Server Feature
CVSS 7.2
CVE-2024-14009 HIGH
Nagios XI < 2024R1.0.1 - Authenticated Privilege Escalation via System Profile
CVSS 7.2