Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-648

CWE-648

Low likelihood

Incorrect Use of Privileged APIs

Parent: CWE-269 - Improper Privilege Management

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

61 vulnerabilities with CWE-648

CVE-2026-41386 CRITICAL

OpenClaw < 2026.3.22 - Privilege Escalation via Unbound Bootstrap Setup Codes

CVE-2026-41329 CRITICAL

OpenClaw < 2026.3.31 - Sandbox Bypass via Heartbeat Context Inheritance and senderIsOwner Escalation

CVE-2026-35669 HIGH

OpenClaw < 2026.3.25 - Privilege Escalation via Gateway Plugin HTTP Authentication Scope

CVE-2026-35663 HIGH

OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim

CVE-2026-35645 HIGH

OpenClaw < 2026.3.25 - Privilege Escalation via Synthetic operator.admin in deleteSession

CVE-2026-35639 HIGH

OpenClaw < 2026.3.22 - Privilege Escalation via device.pair.approve Scope Validation

CVE-2026-35625 HIGH

OpenClaw < 2026.3.25 - Privilege Escalation via Silent Local Shared-Auth Reconnect

CVE-2026-20126 HIGH

Cisco Catalyst SD-WAN Manager - Privilege Escalation

CVE-2026-20122 MEDIUM KEV

Cisco Catalyst SD-WAN Manager - Path Traversal

CVE-2026-22922 MEDIUM

Apache Airflow <3.1.6 - Info Disclosure

CVE-2025-1161 HIGH

Nomysem - Privilege Escalation

CVE-2025-63291 MEDIUM

Alteryx Server 2022.1.1.42654-2024.1 - Info Disclosure

CVE-2025-54769 HIGH

Xorux Lpar2rrd < 8.04 - Remote Code Execution

CVE-2025-54768 MEDIUM

API Endpoint - Info Disclosure

CVE-2025-54767 MEDIUM

Xormon Original - Privilege Escalation

CVE-2025-54766 MEDIUM

API - Info Disclosure

CVE-2025-54765 MEDIUM

Xorux XorMon <= 1.8.0 - Privilege Escalation via API Endpoint

CVE-2025-5997 HIGH

Beamsec PhishPro <7.5.4.2 - Privilege Escalation

CVE-2025-7344 HIGH

Digiwin EAI - Privilege Escalation

CVE-2025-23375 HIGH

Dell PowerProtect Data Manager Reporting <19.17 - Privilege Escalation

CVE-2025-2311 CRITICAL

SecHard <3.3.0.20220411 - Privilege Escalation

CVE-2025-0589 MEDIUM

Octopus Deploy - Info Disclosure

CVE-2024-32008 HIGH

Spectrum Power 4 <V4.70 SP12 Update 2 - Privilege Escalation

CVE-2024-53007 MEDIUM

Bentley Systems ProjectWise Integration Server <10.00.03.288 - SQL ...

CVE-2024-8785 CRITICAL

WhatsUp Gold <2024.0.1 - RCE

Page 1 of 3 Next

Details

Vulnerabilities 61

Exploit Likelihood Low

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy