CVEs classified under CWE-277, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (37)
CVE-2024-36540 — CVSS 9.8 (critical): Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and escalate privileges by obtaining the service…
CVE-2024-36539 — CVSS 9.8 (critical): Insecure permissions in contour v1.28.3 allows attackers to access sensitive data and escalate privileges by obtaining the service…
CVE-2026-7891: The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration…
CVE-2024-36542 — CVSS 8.8 (high): Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's…
CVE-2024-6605 — CVSS 8.8 (high): Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affects…
CVE-2023-27842 — CVSS 8.8 (high): Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code…
CVE-2024-34329 — CVSS 8.4 (high): Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.5 and earlier without the dxp1-patch-E24-004 patch allows…
CVE-2024-29417 — CVSS 8.4 (high): Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password…
CVE-2024-7143 — CVSS 8.3 (high): A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation…
CVE-2026-30266 — CVSS 7.8 (high): Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.12 and before allows a local attacker to execute arbitrary code via a…
CVE-2024-27822 — CVSS 7.8 (high): A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to gain root…
CVE-2024-23233 — CVSS 7.8 (high): This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. Entitlements and privacy permissions granted to…
CVE-2023-33990 — CVSS 7.8 (high): SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An…
CVE-2025-20008 — CVSS 7.7 (high): Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow a privileged user to…
CVE-2024-41601 — CVSS 7.5 (high): Insecure Permissions vulnerability in lin-CMS v.0.2.0 and before allows a remote attacker to obtain sensitive information via the login…
CVE-2025-37174 — CVSS 7.2 (high): Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10…
CVE-2024-27825 — CVSS 7.1 (high): A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS…
CVE-2025-32797 — CVSS 7.0 (high): Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the write_build_scripts function in conda-build…
CVE-2025-64185: Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, Open OnDemand packages create world writable locations in…
CVE-2025-29982 — CVSS 6.8 (medium): Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. A low privileged attacker…
CVE-2025-32092 — CVSS 6.7 (medium): Insecure inherited permissions for some Intel(R) Graphics Software before version 25.30.1702.0 within Ring 3: User Applications may allow…
CVE-2025-24327 — CVSS 6.7 (medium): Insecure inherited permissions for some Intel(R) Rapid Storage Technology Application before version 20.0.1021 within Ring 3: User…
CVE-2025-3473 — CVSS 6.7 (medium): IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions…
CVE-2025-20629 — CVSS 6.7 (medium): Insecure inherited permissions in the NVM Update Utility for some Intel(R) Ethernet Network Adapter E810 Series before version 4.60 may…
CVE-2023-45736 — CVSS 6.7 (medium): Insecure inherited permissions in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially…
CVE-2025-31332 — CVSS 6.6 (medium): Due to insecure file permissions in SAP BusinessObjects Business Intelligence Platform, an attacker who has local access to the system…
CVE-2025-56019 — CVSS 6.5 (medium): An insecure permission vulnerability exists in the Agasta Easytouch+ version 9.3.97 The device allows unauthorized mobile applications to…
CVE-2024-36691 — CVSS 6.3 (medium): Insecure permissions in the AdminController.AjaxSave() method of PPGo_Jobs v2.8.0 allows authenticated attackers to arbitrarily modify…
CVE-2025-22448 — CVSS 6.1 (medium): Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow an authenticated user…
CVE-2026-20630 — CVSS 5.5 (medium): A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to access…
CVE-2023-28207 — CVSS 5.5 (medium): The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A…
CVE-2024-27847 — CVSS 5.5 (medium): This issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS…
CVE-2024-27834 — CVSS 5.5 (medium): The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5…
CVE-2025-65111 — CVSS 5.3 (medium): SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if…
CVE-2025-9039 — CVSS 4.3 (medium): We identified an issue in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by…
CVE-2024-45599 — CVSS 3.8 (low): Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or…