CVEs classified under CWE-273, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (36)
CVE-2015-0278 — CVSS 10.0 (critical): libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified…
CVE-2023-34844 — CVSS 9.8 (critical): Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode causing the docker container to escape.
CVE-2021-36372 — CVSS 9.8 (critical): In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with…
CVE-2011-3350 — CVSS 9.8 (critical): masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that results in improper privilege dropping.
CVE-2011-2921 — CVSS 9.8 (critical): ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can…
CVE-2017-6972 — CVSS 9.8 (critical): AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl…
CVE-2026-32107 — CVSS 8.8 (high): xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the…
CVE-2025-27396 — CVSS 8.8 (high): A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit…
CVE-2024-8382 — CVSS 8.8 (high): Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web…
CVE-2020-14300 — CVSS 8.8 (high): The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053…
CVE-2020-14298 — CVSS 8.8 (high): The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc…
CVE-2025-1003: A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in…
CVE-2018-16466 — CVSS 8.1 (high): Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by…
CVE-2026-0099 — CVSS 7.8 (high): In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in…
CVE-2023-34322 — CVSS 7.8 (high): For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself…
CVE-2023-35692 — CVSS 7.8 (high): In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input…
CVE-2022-0358 — CVSS 7.8 (high): A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to…
CVE-2019-20044 — CVSS 7.8 (high): In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite…
CVE-2019-18276 — CVSS 7.8 (high): An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID…
CVE-2018-8599 — CVSS 7.8 (high): An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file…
CVE-2006-2916 — CVSS 7.8 (high): artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function…
CVE-2024-25420 — CVSS 7.2 (high): An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system…
CVE-2023-5369 — CVSS 7.1 (high): Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file…
CVE-2023-26239 — CVSS 5.5 (medium): An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a password check, it is possible to obtain…
CVE-2021-3982 — CVSS 5.5 (medium): Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege…
CVE-2019-14879 — CVSS 5.4 (medium): A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment…
CVE-2026-44073 — CVSS 5.0 (medium): Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated…
CVE-2021-47129 — CVSS 4.6 (medium): In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: skip expectations for confirmed conntrack…
CVE-2023-52433 — CVSS 4.4 (medium): In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this…
CVE-2025-62175 — CVSS 4.3 (medium): Mastodon is a free, open-source social network server based on ActivityPub. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or…
CVE-2021-37839 — CVSS 4.3 (medium): Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on…
CVE-2023-0657 — CVSS 3.4 (low): A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could…
CVE-2024-21848 — CVSS 3.1 (low): Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to…