Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-276

CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,509 vulnerabilities with CWE-276

CVE-2026-11931 MEDIUM

Insecure Permissions on Authentication Token Cache File in Kiro IDE

CVE-2026-49157 HIGH

Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default

CVE-2026-48191 LOW

Wrong Permission Handling in Document Search Article Meta Filters

CVE-2026-48190 LOW

Incorrect handling of permissions in External Interface Config Item List module

CVE-2026-33590 HIGH

Insecure default permissions in Portainer CE

CVE-2026-49237 HIGH

Local Privilege Escalation in Canonical Multipass

CVE-2026-44469 HIGH

Incorrect Default Permissions in CODESYS Development System

CVE-2026-44468 HIGH

Incorrect Default Permissions in CODESYS Development System

CVE-2026-8487 MEDIUM

Incorrect default permissions vulnerability in Progress Software MOVEit Automation

CVE-2026-47107 HIGH

Windmill < 1.703.2 Incorrect Default Permissions in nsjail Configuration

CVE-2026-0432 HIGH

Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics - Incorrect Default Permissions

CVE-2026-27680 LOW

CSS Injection vulnerability in SAP NetWeaver Application Server ABAP

CVE-2026-36742 MEDIUM

Hiseeu C90 v5.7.15 - Insecure Permissions

CVE-2026-21015 MEDIUM

Samsung Mobile Devices - Info Disclosure

CVE-2026-20718 MEDIUM

Intel(R) NPU Driver software installers < 32.0.100.4511 - Escalation of Privilege via Incorrect Default Permissions

CVE-2026-41712 HIGH

ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage

CVE-2026-45393 HIGH

Cribl Edge < 4.17.1 - Improper Input Validation

CVE-2026-0539 HIGH

Local Privilege Escalation in pcvisit service client

CVE-2026-6823 HIGH

HKUDS OpenHarness Insecure Default Remote Channel Allowlist

CVE-2026-6819 HIGH

HKUDS OpenHarness Plugin Management Command Exposure

CVE-2026-39454 HIGH

SKYSEA Client View <=21.200.07j - Privilege Escalation

CVE-2026-30811 MEDIUM

Missing Authorization in Configuration Ajax Endpoint leads to Information Disclosure

CVE-2026-21013 MEDIUM

Samsung Galaxy Wearable <2.2.68.26 - Info Disclosure

CVE-2026-25203 HIGH

Samsung MagicINFO 9 Server < 21.1091.1 - Local Privilege Escalation via Incorrect Default Permissions

CVE-2026-21765 HIGH

HCL BigFix Platform is affected by insecure permissions on private cryptographic keys

Page 1 of 61 Next

Details

Vulnerabilities 1,509

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy