CWE-267
62 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-267 (page 2 of 2)
- CVE-2025-62590 | HIGH | CVSS 8.2 | EG 8.2 | 2025-10-21
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the i…
- CVE-2025-62591 | MEDIUM | CVSS 6.0 | EG 6.0 | 2025-10-21
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the i…
- CVE-2025-62641 | HIGH | CVSS 8.2 | EG 8.2 | 2025-10-21
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the i…
- CVE-2025-7030 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-07-08
Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication (TFA) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.1…
- CVE-2025-7691 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-09-26
A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions t…
- CVE-2026-0945 | HIGH | CVSS 8.8 | EG 5.3 | 2026-02-04
Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation. This issue affects Role Delegation: from 1.3.0 before 1.5.0.
- CVE-2026-23526 | HIGH | CVSS 8.8 | EG 8.8 | 2026-01-21
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.0.0 through 2.54.0, users that have the staff status may freely change their permissions, including giving themselves superuser status an…
- CVE-2026-27314 | HIGH | CVSS 8.8 | EG 8.8 | 2026-04-07
Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, a…
- CVE-2026-29646 | CRITICAL | CVSS 9.8 | EG 9.8 | 2026-04-20
In OpenXiangShan NEMU prior to 55295c4, when running with RVH (Hypervisor extension) enabled, a VS-mode guest write to the supervisor interrupt-enable CSR (sie) may be handled incorrectly and can influence machine-level interrupt enable st…
- CVE-2026-42406 | HIGH | CVSS 8.7 | EG 8.7 | 2026-05-13
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software …
- CVE-2026-6816 | LOW | CVSS 3.8 | EG 3.8 | 2026-05-28
An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2.
- CVE-2026-9560 | HIGH | CVSS 7.8 | EG 7.8 | 2026-05-26
Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel.