CVEs classified under CWE-268, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2024-4877 — CVSS 8.8 (high): OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI…
CVE-2025-7973: A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair…
CVE-2026-32325 — CVSS 7.8 (high): Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local…
CVE-2026-3888 — CVSS 7.8 (high): Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when…
CVE-2025-64701 — CVSS 7.8 (high): QND Premium/Advance/Standard Ver.11.0.9i and prior contains a privilege escalation vulnerability, which may allow a user who can log in to…
CVE-2025-2297 — CVSS 7.8 (high): Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes…
CVE-2025-0889 — CVSS 7.8 (high): Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the…
CVE-2024-47045 — CVSS 7.8 (high): Privilege chaining issue exists in the installer of e-Tax software(common program). If this vulnerability is exploited, a malicious DLL…
CVE-2019-3844 — CVSS 7.8 (high): It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries…
CVE-2025-49741 — CVSS 7.4 (high): No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
CVE-2023-2250 — CVSS 6.7 (medium): A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration…
CVE-2024-1299 — CVSS 6.5 (medium): A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was…
CVE-2024-1250 — CVSS 6.5 (medium): An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role…
CVE-2025-32955 — CVSS 6.0 (medium): Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are…
CVE-2025-36124 — CVSS 5.9 (medium): IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by…
CVE-2025-20112 — CVSS 5.1 (medium): A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker…