Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-280

CWE-280

Improper Handling of Insufficient Permissions or Privileges

Parent: CWE-755 - Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

144 vulnerabilities with CWE-280

CVE-2025-58770 HIGH

AMI APTIO V 5.0-5.041 - Privilege Escalation via BIOS Local Access

CVE-2025-58122 MEDIUM

Checkmk 2.4.0 - Insufficient Permission Validation in REST API

CVE-2025-58121 MEDIUM

Checkmk <2.4.0p16 - Info Disclosure

CVE-2025-58410 HIGH

ImaginationTech DDK - Privilege Escalation via GPU System Call Memory Protection Bypass

CVE-2025-62510 HIGH

FileRise < 1.5.0 - Improper Access Control via Folder Name Inference

CVE-2025-62509 HIGH

FileRise < 1.4.0 - Unauthorized File Operations via Insecure Folder Ownership Inference

CVE-2025-62176 MEDIUM

Mastodon <4.4.6-4.2.27 - Info Disclosure

CVE-2025-45376 HIGH

Dell Repository Manager <3.4.8 - Privilege Escalation

CVE-2025-58457 MEDIUM

Apache ZooKeeper <3.9.4 - Privilege Escalation

CVE-2025-59040 MEDIUM

Tuleap < 16.11.99.1757427600 - Insufficient Permission Validation in Backlog Item Representation

CVE-2025-50170 HIGH

Windows Cloud Files Mini Filter Driver - Privilege Escalation

CVE-2025-6573 CRITICAL

Imagination Technologies Graphics DDK <=25.1 RTM - Kernel Information Disclosure

CVE-2025-8109 HIGH

Imagination Technologies Graphics DDK 1.13 RTM-24.2 RTM2 and >=24.3 RTM - Unauthorized Memory Write via ptrace

CVE-2025-49731 LOW

Microsoft Teams - Privilege Escalation

CVE-2025-27025 HIGH

Infinera G42 6.1.3 through 7.1 - Directory Traversal

CVE-2025-27024 MEDIUM

Infinera G42 R6.1.3 - Info Disclosure

CVE-2025-46708 MEDIUM

ImaginationTech DDK 23.2-24.2 - Improper Handling of Insufficient Permissions or Privileges

CVE-2025-22256 MEDIUM

Fortinet FortiPAM <1.4.1 - Privilege Escalation

CVE-2025-25179 HIGH

ImaginationTech DDK < 24.3 - Unauthenticated Arbitrary Physical Memory Write via GPU System Calls

CVE-2025-3931 HIGH

Yggdrasil - Unauthenticated Privilege Escalation via DBus Method Dispatch

CVE-2025-29826 HIGH

Microsoft Dataverse < 3.4.0.1406 - Privilege Escalation via Insufficient Permission Handling

CVE-2025-30453 HIGH

macOS < 13.7.6, < 14.7.6, < 15.4 - Privilege Escalation to Root

CVE-2025-46740 HIGH

SEL Blueframe OS 1.12.0 - Administrator Account Name Modification

CVE-2025-46584 HIGH

File System Module - Info Disclosure

CVE-2025-31173 HIGH

Kernel Futex - Privilege Escalation

Previous Page 2 of 6 Next

Details

Vulnerabilities 144

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy