Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-648

CWE-648

Low likelihood

Incorrect Use of Privileged APIs

Parent: CWE-269 - Improper Privilege Management

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

63 vulnerabilities with CWE-648

CVE-2026-9560 HIGH

OpenVPN Connect < 3.8.1 - Privilege Defined With Unsafe Actions

CVE-2026-41225 CRITICAL

F5 BIG-IP 16.1.0-17.1.3.1/17.5.0-17.5.1.5/21.0.0-21.0.0.1/>=21.1.0 - Authenticated RCE via iControl REST

CVE-2026-41386 CRITICAL

OpenClaw < 2026.3.22 - Privilege Escalation via Unbound Bootstrap Setup Codes

CVE-2026-41329 CRITICAL

OpenClaw < 2026.3.31 - Sandbox Bypass via Heartbeat Context Inheritance and senderIsOwner Escalation

CVE-2026-35669 HIGH

OpenClaw < 2026.3.25 - Privilege Escalation via Gateway Plugin HTTP Authentication Scope

CVE-2026-35663 HIGH

OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim

CVE-2026-35645 HIGH

OpenClaw < 2026.3.25 - Privilege Escalation via Synthetic operator.admin in deleteSession

CVE-2026-35639 HIGH

OpenClaw < 2026.3.22 - Privilege Escalation via device.pair.approve Scope Validation

CVE-2026-35625 HIGH

OpenClaw < 2026.3.25 - Privilege Escalation via Silent Local Shared-Auth Reconnect

CVE-2026-20126 HIGH

Cisco Catalyst SD-WAN Manager - Privilege Escalation

CVE-2026-20122 MEDIUM KEV

Cisco Catalyst SD-WAN Manager - Path Traversal

CVE-2026-22922 MEDIUM

Apache Airflow <3.1.6 - Info Disclosure

CVE-2025-1161 HIGH

Nomysem <= May 2025 - Privilege Escalation via Incorrect Use of Privileged APIs

CVE-2025-63291 MEDIUM

Alteryx Server 2022.1.1.42654-2024.1 - Info Disclosure

CVE-2025-54769 HIGH

lpar2rrd < 8.04 - Authenticated Directory Traversal and Remote Code Execution via File Upload

CVE-2025-54768 MEDIUM

lpar2rrd < 8.04 - Unauthenticated Sensitive Information Exposure via Privileged API Endpoint

CVE-2025-54767 MEDIUM

Xormon Original - Privilege Escalation

CVE-2025-54766 MEDIUM

xorux xormon < 1.8.0 - Unauthenticated Sensitive Information Exposure via Privileged API Endpoint

CVE-2025-54765 MEDIUM

Xorux XorMon <= 1.8.0 - Privilege Escalation via API Endpoint

CVE-2025-5997 HIGH

Beamsec PhishPro <7.5.4.2 - Privilege Escalation

CVE-2025-7344 HIGH

Digiwin EAI < 2.5.1 build 0161 - Privilege Escalation via Specific API

CVE-2025-23375 HIGH

Dell PowerProtect Data Manager Reporting <19.17 - Privilege Escalation

CVE-2025-2311 CRITICAL

SecHard <3.3.0.20220411 - Privilege Escalation

CVE-2025-0589 MEDIUM

Octopus Server 2020.3.3-2024.3.13071 - Unauthenticated Information Disclosure via Active Directory API Endpoints

CVE-2024-32008 HIGH

Spectrum Power 4 <V4.70 SP12 Update 2 - Privilege Escalation

Page 1 of 3 Next

Details

Vulnerabilities 63

Exploit Likelihood Low

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy