CVEs classified under CWE-286, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (27)
CVE-2025-64725 — CVSS 9.8 (critical): Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user…
CVE-2023-26689 — CVSS 9.8 (critical): An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request.
CVE-2025-7972 — CVSS 9.1 (critical): A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to ‘development’, the…
CVE-2024-48853 — CVSS 9.0 (critical): An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT…
CVE-2026-35638 — CVSS 8.8 (high): OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated sessions to retain…
CVE-2023-3932 — CVSS 8.2 (high): An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before…
CVE-2024-28020 — CVSS 8.0 (high): A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious…
CVE-2023-25519 — CVSS 7.8 (high): NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an…
CVE-2024-58105 — CVSS 7.3 (high): A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing…
CVE-2021-21553 — CVSS 7.3 (high): Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can…
CVE-2023-20253 — CVSS 7.1 (high): A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local…
CVE-2024-27269 — CVSS 6.8 (medium): IBM QRadar SIEM 7.5 could allow a privileged user to configure user management that would disclose unintended sensitive information across…
CVE-2025-63563 — CVSS 6.5 (medium): Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password…
CVE-2022-45857 — CVSS 6.5 (medium): An incorrect user management vulnerability [CWE-286] in the FortiManager version 6.4.6 and below VDOM creation component may allow an…
CVE-2022-32260 — CVSS 6.5 (medium): A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary…
CVE-2024-46671 — CVSS 6.2 (medium): An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and…
CVE-2023-0857 — CVSS 5.9 (medium): Unintentional change of settings during initial registration of system administrators which uses control protocols. The affected Office /…
CVE-2021-26262 — CVSS 5.5 (medium): Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized…
CVE-2023-3914 — CVSS 5.4 (medium): A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to…
CVE-2023-3115 — CVSS 5.4 (medium): An issue has been discovered in GitLab EE affecting all versions affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5…
CVE-2024-29296 — CVSS 5.3 (medium): A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference…
CVE-2024-45425 — CVSS 4.9 (medium): Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
CVE-2023-3907 — CVSS 4.9 (medium): A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to…
CVE-2023-51750 — CVSS 4.6 (medium): ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is…
CVE-2024-6356 — CVSS 4.4 (medium): An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and…
CVE-2024-52359 — CVSS 4.3 (medium): IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be…
CVE-2024-13041 — CVSS 4.2 (medium): An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and…