CVEs classified under CWE-282, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (27)
CVE-2026-23514 — CVSS 8.8 (high): Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows…
CVE-2020-10632 — CVSS 8.8 (high): Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration…
CVE-2025-27254 — CVSS 8.0 (high): CWE-282 "Improper Ownership Management" in GE Vernova EnerVista UR Setup allows Authentication Bypass. The software's startup…
CVE-2024-39755 — CVSS 7.8 (high): A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG file can…
CVE-2024-37999 — CVSS 7.8 (high): A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted…
CVE-2017-12189 — CVSS 7.8 (high): It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file…
CVE-2025-57732 — CVSS 7.5 (high): In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership
CVE-2024-3383 — CVSS 7.4 (high): A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables…
CVE-2022-0026 — CVSS 6.7 (medium): A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an…
CVE-2024-47816 — CVSS 6.4 (medium): ImportDump is a mediawiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell…
CVE-2026-40214 — CVSS 6.3 (medium): In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column…
CVE-2024-8949 — CVSS 6.3 (medium): A vulnerability classified as critical has been found in SourceCodester Online Eyewear Shop 1.0. This affects an unknown part of the file…
CVE-2024-45104 — CVSS 6.3 (medium): A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device…
CVE-2023-7226 — CVSS 6.3 (medium): A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Affected by this issue is some unknown functionality of…
CVE-2026-3867: An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a…
CVE-2024-43176 — CVSS 5.4 (medium): IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to…
CVE-2025-32946 — CVSS 5.3 (medium): This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. The vulnerable code…
CVE-2025-67642 — CVSS 4.3 (medium): Jenkins HashiCorp Vault Plugin 371.v884a_4dd60fb_6 and earlier does not set the appropriate context for Vault credentials lookup, allowing…
CVE-2025-1112 — CVSS 4.3 (medium): IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to…
CVE-2025-3629 — CVSS 4.3 (medium): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to…
CVE-2025-32945 — CVSS 4.3 (medium): The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code…
CVE-2024-45103 — CVSS 4.3 (medium): A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient…
CVE-2023-0989 — CVSS 4.3 (medium): An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4…
CVE-2025-46416 — CVSS 2.9 (low): The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user…