CVEs classified under CWE-279, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2024-37734 — CVSS 9.8 (critical): An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges viaa crafted POST request using the noteid parameter.
CVE-2025-14025 — CVSS 8.5 (high): A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for…
CVE-2025-22843 — CVSS 7.8 (high): Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated…
CVE-2025-23263 — CVSS 7.6 (high): NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause escalation of…
CVE-2024-25621 — CVSS 7.3 (high): containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and…
CVE-2025-30001 — CVSS 7.3 (high): Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6…
CVE-2026-20062 — CVSS 7.2 (high): A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an…
CVE-2025-13663 — CVSS 6.7 (medium): Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation…
CVE-2024-37025 — CVSS 6.7 (medium): Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installer before version 23.1.1…
CVE-2023-50914 — CVSS 6.7 (medium): A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy (Beta) 2.0.67.2 through v2.0.71.2 allows…
CVE-2020-8025 — CVSS 6.1 (medium): A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux…
CVE-2026-4948 — CVSS 5.5 (medium): A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus)…
CVE-2025-20612 — CVSS 5.5 (medium): Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated…
CVE-2025-26422 — CVSS 4.0 (medium): In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing…
CVE-2025-36228 — CVSS 3.8 (low): IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to…
CVE-2025-23233 — CVSS 3.5 (low): Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated…
CVE-2024-39286 — CVSS 3.3 (low): Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800 Series Ethernet Driver before version 1.15.4…