CWE-732
High likelihoodIncorrect Permission Assignment for Critical Resource
Parent: CWE-285 - Improper Authorization
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
1,661 vulnerabilities with CWE-732
CVE-2026-21902
CRITICAL
Juniper Junos OS Evolved 25.4-25.4R1-S1-EVO, 25.4R2-EVO - Remote Code Execution via Anomaly Detection
CVSS 9.8
CVE-2026-26102
HIGH
Owl opds 2.2.0.4 - Privilege Escalation
CVSS 7.8
CVE-2026-26101
HIGH
Owl opds 2.2.0.4 - Privilege Escalation
CVSS 7.8
CVE-2026-26100
MEDIUM
Owl opds 2.2.0.4 - Privilege Escalation
CVSS 5.5
CVE-2026-26096
MEDIUM
Owl opds 2.2.0.4 - Privilege Escalation
CVSS 5.5
CVE-2026-26095
MEDIUM
Owl opds 2.2.0.4 - Privilege Escalation
CVSS 5.5
CVE-2026-24834
CRITICAL
Kata Containers <3.27.0 - Privilege Escalation
CVSS 9.3
CVE-2026-1344
MEDIUM
Tanium Enforce Recovery Key Portal - Privilege Escalation
CVSS 6.5
CVE-2026-23648
HIGH
Glory RBG-100 ISPK-08 - Privilege Escalation
CVSS 7.8
CVE-2026-24131
MEDIUM
pnpm < 10.28.2 - Arbitrary File Permission Modification via directories.bin Path Traversal
CVSS 5.5
CVE-2026-0775
HIGH
npm - Incorrect Permission Assignment for Critical Resource
CVSS 7.0
CVE-2026-22280
MEDIUM
Dell PowerScale OneFS 9.5.0.0-9.12.9.9 - DoS via Incorrect Permission Assignment
CVSS 5.0
CVE-2026-24049
HIGH
wheel 0.40.0-0.46.1 - Arbitrary File Permission Modification via Malicious Wheel Archive
CVSS 7.1
CVE-2026-20092
MEDIUM
Cisco Intersight Virtual Appliance - Privilege Escalation
CVSS 6.0
CVE-2025-43290
MEDIUM
macOS < 14.8, < 15.7, < 26 - Unprotected File System Modification
CVSS 5.5
CVE-2025-41118
CRITICAL
Sensitive COS `SecretKey` exposed in plaintext via configuration API due to missing type protection
CVSS 9.1
CVE-2025-15037
MEDIUM
ASUS Business System Control Interface - Privilege Escalation
CVE-2025-41712
MEDIUM
Janitza Device Web Server - Sensitive Information Exposure
CVSS 6.5
CVE-2025-30413
MEDIUM
Acronis Cyber Protect <40497/41186 - Info Disclosure
CVSS 4.4
CVE-2025-11790
MEDIUM
Acronis Cyber Protect Cloud Agent <41124 - Info Disclosure
CVSS 4.4
CVE-2025-12801
MEDIUM
nfs-utils - Privilege Escalation
CVSS 6.5
CVE-2025-70342
MEDIUM
erase-install <v40.4 - Info Disclosure
CVSS 6.6
CVE-2025-70341
HIGH
App-Auto-Patch 3.4.2 - Privilege Escalation
CVSS 7.8
CVE-2025-14604
MEDIUM
IBM Storage Scale 5.2.3.0-5.2.3.5/6.0.0.0-6.0.0.1 - Privilege Escal...
CVSS 6.6
CVE-2025-33088
HIGH
IBM Concert 1.0.0-2.1.0 - Privilege Escalation
CVSS 7.4
Details
Vulnerabilities
1,661
Exploit Likelihood
High