CVEs classified under CWE-272, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2025-59106 — CVSS 8.8 (high): The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is…
CVE-2025-7722 — CVSS 8.8 (high): The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.1. This is due to…
CVE-2024-28824 — CVSS 8.8 (high): Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24…
CVE-2024-35204 — CVSS 8.4 (high): Veritas System Recovery before 23.3_Hotfix has incorrect permissions for the Veritas System Recovery folder, and thus low-privileged users…
CVE-2025-47809 — CVSS 8.2 (high): Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For…
CVE-2024-0638 — CVSS 8.2 (high): Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24…
CVE-2025-9711 — CVSS 7.8 (high): A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “root”…
CVE-2024-28829 — CVSS 7.8 (high): Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32…
CVE-2024-27165 — CVSS 7.8 (high): Toshiba printers contain a suidperl binary and it has a Local Privilege Escalation vulnerability. A local attacker can get root privileges…
CVE-2025-49144 — CVSS 7.3 (high): Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the…
CVE-2023-28047 — CVSS 7.3 (high): Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local…
CVE-2026-39459 — CVSS 7.2 (high): A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authenticated attacker with at least the…
CVE-2025-1384 — CVSS 7.0 (high): Least Privilege Violation (CWE-272) Vulnerability exists in the communication function between the NJ/NX-series Machine Automation…
CVE-2023-28046 — CVSS 6.6 (medium): Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local…
CVE-2025-68267 — CVSS 6.5 (medium): In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an…
CVE-2024-0798 — CVSS 6.5 (medium): A privilege escalation vulnerability exists in mintplex-labs/anything-llm, allowing users with 'default' role to delete documents uploaded…
CVE-2026-32655 — CVSS 5.3 (medium): Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A low privileged…
CVE-2026-23634 — CVSS 0.0 (none): Pepr is a type safe K8s middleware. Prior to 1.0.5 , Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or…