Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-276

CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,510 vulnerabilities with CWE-276

CVE-2025-20087 MEDIUM

Intel(R) oneAPI DPC++/C++ Compiler - Privilege Escalation

CVE-2025-20023 MEDIUM

Intel(R) Graphics Driver - Privilege Escalation

CVE-2025-8672 HIGH

GIMP < 3.1.4.2 - Unauthenticated TCC Permission Bypass via Bundled Python Interpreter

CVE-2025-7195 MEDIUM

Operator-SDK < 0.15.2 - Incorrect Default Permissions via user_setup Script

CVE-2025-44643 HIGH

Draytek AP903 <1.4.18-AP918R <1.4.9 - Privilege Escalation

CVE-2025-41658 MEDIUM

CODESYS Runtime Toolkit - Info Disclosure

CVE-2025-52361 HIGH

AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 - Command ...

CVE-2025-54085 LOW

Absolute Secure Access < 13.56 - Authenticated Permission Bypass in Management Console

CVE-2025-49084 CRITICAL

Absolute Secure Access < 13.56 - Authenticated Policy Rule Overwrite

CVE-2025-49082 LOW

Absolute Secure Access < 13.56 - Authenticated Permission Bypass in Management Console

CVE-2025-54530 HIGH

JetBrains TeamCity < 2025.07 - Privilege Escalation via Incorrect Directory Permissions

CVE-2025-45467 HIGH

Unitree Go1 <= Go1_2022_05_11 - Insecure Firmware Update Permissions via MD5 Checksum

CVE-2025-8069 HIGH

AWS Client VPN 4.1.0-4.1.0 and 5.0.0-5.2.1 - Unauthenticated Privilege Escalation via OpenSSL Configuration File

CVE-2025-8031 CRITICAL

Firefox and Thunderbird - HTTP Basic Authentication Credential Leak via CSP Report URL Handling

CVE-2025-54059 MEDIUM

melange 0.23.0-0.29.4 - Incorrect Default Permissions in SBOM Files

CVE-2025-53945 HIGH

apko <0.29.5 - Privilege Escalation

CVE-2025-0886 HIGH

Elliptic Labs Virtual Lock Sensor - Privilege Escalation

CVE-2025-7672 MEDIUM

JiranSoft CrossEditor4 <4.6.0.23 - XSS

CVE-2025-5199 HIGH

Canonical Multipass <= 1.15.1 - Privilege Escalation via Launch Daemon File Modification

CVE-2025-41665 MEDIUM

PHOENIX CONTACT AXC F 1152/2152/3152, BPC 9102S, RFC 4072S < 2025.0.2 - DoS via Watchdog Reboot

CVE-2025-46014 HIGH

Honor PC Manager < 16.0.0.118 - Privilege Escalation via iMateBookAssistant Named Pipe

CVE-2025-52991 LOW

Nix/Lix/Guix <2.24.15/2.26.4/2.28.4/2.29.1 - Info Disclosure

CVE-2025-52900 MEDIUM

filebrowser < 2.33.7 - Incorrect Default Permissions

CVE-2025-39201 MEDIUM

MicroSCADA X SYS600 10.0-10.7 - Unauthenticated Denial of Service via Notify Service File Tampering

CVE-2025-49144 HIGH

Notepad++ <8.8.1 - Privilege Escalation

Previous Page 7 of 61 Next

Details

Vulnerabilities 1,510

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy