CVEs classified under CWE-275, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2017-6513 — CVSS 9.9 (critical): The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote…
CVE-2017-16887 — CVSS 9.8 (critical): The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal…
CVE-2023-39399 — CVSS 9.1 (critical): Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be…
CVE-2023-39398 — CVSS 9.1 (critical): Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be…
CVE-2019-2177 — CVSS 8.8 (high): In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions…
CVE-2013-3703 — CVSS 8.8 (high): The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker…
CVE-2016-8520 — CVSS 8.8 (high): HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs. In some…
CVE-2017-11463 — CVSS 8.8 (high): In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference…
CVE-2015-5153 — CVSS 8.8 (high): Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted…
CVE-2016-4924 — CVSS 8.4 (high): An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access…
CVE-2016-4288 — CVSS 8.4 (high): A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Player installer creates a registry key with…
CVE-2020-14496 — CVSS 8.3 (high): Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various…
CVE-2016-10846 — CVSS 8.1 (high): cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79).
CVE-2017-2590 — CVSS 8.1 (high): A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions…
CVE-2014-1632 — CVSS 8.1 (high): htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.
CVE-2022-25153 — CVSS 7.8 (high): The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to…
CVE-2019-11146 — CVSS 7.8 (high): Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable…
CVE-2019-11145 — CVSS 7.8 (high): Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable…
CVE-2017-18390 — CVSS 7.8 (high): cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322).
CVE-2016-7066 — CVSS 7.8 (high): It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow…
CVE-2016-8732 — CVSS 7.8 (high): Multiple security flaws exists in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on…
CVE-2015-8300 — CVSS 7.8 (high): Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe…
CVE-2016-7382 — CVSS 7.8 (high): For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer…
CVE-2016-8856 — CVSS 7.8 (high): Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file…
CVE-2021-1437 — CVSS 7.5 (high): A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote…
CVE-2016-9061 — CVSS 7.5 (high): A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API…
CVE-2016-5299 — CVSS 7.5 (high): A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for…
CVE-2014-1631 — CVSS 7.5 (high): Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
CVE-2017-17876 — CVSS 7.5 (high): Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download…
CVE-2016-7988 — CVSS 7.5 (high): On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the…
CVE-2017-8153 — CVSS 7.1 (high): Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker…
CVE-2015-7842 — CVSS 7.1 (high): Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628…
CVE-2026-28553 — CVSS 6.9 (medium): Vulnerability of improper permission control in the theme setting module. Impact: Successful exploitation of this vulnerability may affect…
CVE-2016-8214 — CVSS 6.7 (medium): EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious…
CVE-2026-41976 — CVSS 6.6 (medium): Permission control vulnerability in the audio framework. Impact: Successful exploitation of this vulnerability may affect service…
CVE-2016-10818 — CVSS 6.5 (medium): cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124).
CVE-2016-3022 — CVSS 6.5 (medium): IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file…
CVE-2024-3118 — CVSS 6.3 (medium): A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of…
CVE-2023-5263 — CVSS 6.3 (medium): A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file…
CVE-2023-3759 — CVSS 6.3 (medium): A vulnerability, which was classified as critical, was found in Intergard SGS 8.7.0. Affected is an unknown function. The manipulation…
CVE-2026-41969 — CVSS 6.2 (medium): Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service…
CVE-2017-7088 — CVSS 5.9 (medium): An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Exchange ActiveSync" component. It…
CVE-2025-54624 — CVSS 5.7 (medium): Unexpected injection event vulnerability in the multimodalinput module. Impact: Successful exploitation of this vulnerability may affect…
CVE-2025-53168 — CVSS 5.7 (medium): Vulnerability of bypassing the process to start SA and use related functions on distributed cameras Impact: Successful exploitation of this…
CVE-2025-58288 — CVSS 5.5 (medium): Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.
CVE-2020-6022 — CVSS 5.5 (medium): Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-Ransomware.
CVE-2019-12622 — CVSS 5.5 (medium): A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root…