CWE-274
41 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-274
- CVE-2017-3912 | MEDIUM | CVSS 4.4 | EG 7.8 | 2018-09-18
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
- CVE-2018-6674 | MEDIUM | CVSS 6.8 | EG 3.9 | 2018-05-25
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator gr…
- CVE-2018-6693 | MEDIUM | CVSS 5.3 | EG 4.7 | 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequenc…
- CVE-2020-24676 | HIGH | CVSS 7.8 | EG 7.8 | 2020-12-22
In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending o…
- CVE-2020-7264 | HIGH | CVSS 8.8 | EG 8.8 | 2020-05-08
Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McA…
- CVE-2020-7265 | HIGH | CVSS 8.8 | EG 8.8 | 2020-05-08
Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action …
- CVE-2020-7266 | HIGH | CVSS 8.8 | EG 8.8 | 2020-05-08
Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redir…
- CVE-2020-7267 | HIGH | CVSS 8.8 | EG 8.8 | 2020-05-08
Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a Mc…
- CVE-2020-7283 | HIGH | CVSS 7.5 | EG 7.5 | 2020-07-03
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through …
- CVE-2020-7285 | HIGH | CVSS 7.8 | EG 7.8 | 2020-05-08
Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
- CVE-2020-7286 | HIGH | CVSS 7.8 | EG 7.8 | 2020-05-08
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
- CVE-2020-7287 | HIGH | CVSS 7.8 | EG 7.8 | 2020-05-08
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
- CVE-2020-7288 | HIGH | CVSS 7.8 | EG 7.8 | 2020-05-08
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
- CVE-2020-7289 | HIGH | CVSS 7.8 | EG 7.8 | 2020-05-08
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
- CVE-2020-7290 | HIGH | CVSS 7.8 | EG 7.8 | 2020-05-08
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
- CVE-2020-7291 | HIGH | CVSS 7.8 | EG 7.8 | 2020-05-08
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
- CVE-2021-32006 | MEDIUM | CVSS 5.0 | EG 4.3 | 2022-03-10
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup fi…
- CVE-2021-35534 | HIGH | CVSS 7.2 | EG 7.2 | 2021-11-18
Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product do…
- CVE-2022-0668 | MEDIUM | CVSS 5.3 | EG 9.8 | 2023-01-08
JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.
- CVE-2022-23160 | MEDIUM | CVSS 5.4 | EG 4.3 | 2022-04-12
Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. A remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only …
- CVE-2022-23511 | HIGH | CVSS 7.1 | EG 7.1 | 2022-12-12
A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. When users trigger a…
- CVE-2022-25782 | MEDIUM | CVSS 5.4 | EG 5.4 | 2022-05-04
Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7.
- CVE-2022-45101 | HIGH | CVSS 7.3 | EG 9.8 | 2023-02-01
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and …
- CVE-2023-20516 | LOW | CVSS 3.3 | EG 3.3 | 2025-09-06
Improper handling of insufficient privileges in the ASP could allow a privileged attacker to modify Translation Map Registers (TMRs) potentially resulting in loss of confidentiality or integrity.
- CVE-2023-32494 | MEDIUM | CVSS 6.7 | EG 6.7 | 2023-08-16
Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in complia…
- CVE-2023-35928 | HIGH | CVSS 8.4 | EG 8.4 | 2023-06-23
Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity platform. In Nextcloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0.…
- CVE-2023-39375 | HIGH | CVSS 7.5 | EG 7.5 | 2023-09-27
SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges
- CVE-2024-0105 | HIGH | CVSS 8.9 | EG 8.9 | 2024-11-01
NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited info…
- CVE-2024-0106 | HIGH | CVSS 8.7 | EG 8.7 | 2024-11-01
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to d…
- CVE-2024-12666 | MEDIUM | CVSS 4.7 | EG 4.7 | 2024-12-16
A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component User Management Page. The manipulation l…
- CVE-2024-20324 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-03-27
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. This vulnerability is due to improper privilege checks. An attack…
- CVE-2024-21648 | HIGH | CVSS 8.0 | EG 8.0 | 2024-01-09
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection, a user can rollback to a previous version of the page to gain rights they don't hav…
- CVE-2024-41942 | HIGH | CVSS 7.2 | EG 7.2 | 2024-08-08
JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the `admin:users` scope, they may escalate their own privileges by making themselves a full…
- CVE-2024-46974 | HIGH | CVSS 7.8 | EG 7.8 | 2025-01-31
Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers.
- CVE-2025-20156 | CRITICAL | CVSS 9.9 | EG 9.9 | 2025-01-22
A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authoriz…
- CVE-2025-20177 | MEDIUM | CVSS 6.7 | EG 6.7 | 2025-03-12
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability…
- CVE-2025-29365 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-08-22
spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in READ_STRING_SYSCALL.
- CVE-2025-31275 | MEDIUM | CVSS 6.2 | EG 6.2 | 2025-07-30
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A sandboxed process may be able to launch any installed app.
- CVE-2025-54511 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-05-15
Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of inte…
- CVE-2025-62175 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-10-13
Mastodon is a free, open-source social network server based on ActivityPub. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user account does not disconnect the account from the streaming API. This allows disabled o…
- CVE-2026-33005 | MEDIUM | CVSS 4.3 | EG 4.3 | 2026-04-09
Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID (metadata only NOT contents). Metadata inclu…