Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-280

CWE-280

Improper Handling of Insufficient Permissions or Privileges

Parent: CWE-755 - Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

144 vulnerabilities with CWE-280

CVE-2024-36451 HIGH

Webmin <2.003 - Privilege Escalation

CVE-2024-39691 MEDIUM

matrix-appservice-irc < 2.0.1 - Information Disclosure via Homeserver Timestamp Manipulation

CVE-2024-6302 HIGH

Conduit <0.6.0 - Privilege Escalation

CVE-2024-5163 CRITICAL

com.transsion.carlcare - Info Disclosure

CVE-2024-4468 MEDIUM

WordPress <9.9 - Privilege Escalation

CVE-2024-35228 MEDIUM

Wagtail 6.0.0-6.0.4 and 6.1.0-6.1.1 - Authenticated Improper Permission Handling in Settings Module

CVE-2024-36112 MEDIUM

Nautobot <1.6.22 & 2.0.0 - Info Disclosure

CVE-2024-29852 LOW

Veeam Backup Enterprise Manager - Info Disclosure

CVE-2024-35301 MEDIUM

JetBrains TeamCity <2024.03.1 - Info Disclosure

CVE-2024-27837 LOW

macOS Sonoma <14.5 - Info Disclosure

CVE-2024-23704 HIGH

Android - Missing Authorization in WifiDialogActivity

CVE-2024-32882 LOW

Wagtail 6.0.0-6.0.3 - Permission Bypass via FieldPanel Permission Argument

CVE-2024-32488 HIGH

Foxit PDF Reader & Editor <2024.1 - Privilege Escalation

CVE-2024-32000 MEDIUM

matrix-appservice-irc <2.0.0 - Info Disclosure

CVE-2024-30418 HIGH

Huawei EMUI and HarmonyOS - Unauthenticated Denial of Service via App Management Module

CVE-2024-29748 HIGH KEV

Android < 2024-04-05 - Local Privilege Escalation via Logic Error

CVE-2024-22078 HIGH

Espec G5 <1.1.4.15 - Privilege Escalation

CVE-2024-22077 MEDIUM

Espec G5 <1.1.4.15 - Info Disclosure

CVE-2024-25844 HIGH

PrestaShop <4.1.26 - Privilege Escalation/Info Disclosure

CVE-2024-0560 MEDIUM

3scale - Improper Handling of Insufficient Permissions or Privileges in Token Introspection Policy

CVE-2024-1608 CRITICAL

OPPO Usercenter Credit SDK - Privilege Escalation via Loose Permission Check

CVE-2024-0015 HIGH

Google Android Intent Redirection - Privilege Escalation

CVE-2024-25108 CRITICAL

Pixelfed 0.10.4-0.11.9 - Insufficient Permission Validation

CVE-2023-38298 HIGH

TCL 30Z A3X 20XE 10L - Unauthenticated IMEI Leak via System Property

CVE-2023-52537 HIGH

Huawei EMUI and HarmonyOS - Improper Access Control in HwIms Module

Previous Page 4 of 6 Next

Details

Vulnerabilities 144

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy