CVEs classified under CWE-274, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2025-20156 — CVSS 9.9 (critical): A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate…
CVE-2024-0105 — CVSS 8.9 (high): NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A…
CVE-2024-0106 — CVSS 8.7 (high): NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper…
CVE-2023-35928 — CVSS 8.4 (high): Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.0 until…
CVE-2024-21648 — CVSS 8.0 (high): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a…
CVE-2020-24676 — CVSS 7.8 (high): In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged…
CVE-2024-41942 — CVSS 7.2 (high): JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is…
CVE-2022-23511 — CVSS 7.1 (high): A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon…
CVE-2025-20177 — CVSS 6.7 (medium): A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image…
CVE-2023-32494 — CVSS 6.7 (medium): Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker…
CVE-2025-31275 — CVSS 6.2 (medium): A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A sandboxed process may be able…
CVE-2024-20324 — CVSS 5.5 (medium): A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN…
CVE-2025-54511: Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a…
CVE-2026-33005 — CVSS 4.3 (medium): Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their…
CVE-2023-20516 — CVSS 3.3 (low): Improper handling of insufficiency privileges in the ASP could allow a privileged attacker to modify Translation Map Registers (TMRs)…