VYPR

CWE-250

Execution with Unnecessary Privileges

BaseDraftLikelihood: Medium

Description

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-104 · CAPEC-470 · CAPEC-69

CVEs mapped to this weakness (139)

page 6 of 7
  • CVE-2025-1790MedFeb 13, 2026
    risk 0.38cvss epss 0.00

    Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system.

  • CVE-2026-25740MedFeb 9, 2026
    risk 0.38cvss epss 0.00

    captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_RAW capability (binding to privileged…

  • CVE-2024-5042MedMay 17, 2024
    risk 0.36cvss 6.6epss 0.01

    A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire…

  • CVE-2017-7518MedJul 30, 2018
    risk 0.36cvss 5.5epss 0.01

    A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could…

  • CVE-2026-11626MedJun 10, 2026
    risk 0.35cvss epss 0.00

    CleanWipe Removal Tool (macOS), prior to 16.0.0.65, may be susceptible to an Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an affected system can escalate their privileges to gain administrative control.

  • CVE-2025-62876MedNov 12, 2025
    risk 0.34cvss epss 0.00

    A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root.This issue affects lightdm-kde-greeter. before 6.0.4.

  • CVE-2025-6894MedOct 17, 2025
    risk 0.34cvss epss 0.01

    An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authorization logic of the affected device allows an authenticated, low-privileged user to execute the administrative `ping`…

  • CVE-2025-32955MedApr 21, 2025
    risk 0.32cvss 6.0epss 0.00

    Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to `disable-sudo` bypass. Harden-Runner includes a policy option `disable-sudo` to prevent the GitHub Actions runner user from using…

  • CVE-2026-42890MedJun 12, 2026
    risk 0.31cvss epss 0.00

    Actual is an open-source personal finance application. In the macOS desktop application version 25.x (built on Electron 39.2.7), the ELECTRON_RUN_AS_NODE fuse is not disabled, allowing an attacker who can place a file on disk or control command-line arguments to invoke the…

  • CVE-2024-8903MedSep 23, 2024
    risk 0.31cvss 4.7epss 0.00

    Local active protection service settings manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows, macOS) before build 38565.

  • CVE-2026-20037MedFeb 25, 2026
    risk 0.29cvss 4.4epss 0.00

    A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. This vulnerability exists because unnecessary…

  • CVE-2025-42943MedAug 12, 2025
    risk 0.29cvss 4.5epss 0.00

    SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to…

  • CVE-2018-10856MedJul 3, 2018
    risk 0.28cvss 5.3epss 0.01

    It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.

  • CVE-2026-50565MedJun 10, 2026
    risk 0.25cvss 4.9epss 0.00

    Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were created with ServiceAccountName: fission-builder and no AutomountServiceAccountToken:…

  • CVE-2026-22008LowApr 21, 2026
    risk 0.24cvss 3.7epss 0.00

    Vulnerability in Oracle Java SE (component: Libraries). The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful…

  • CVE-2026-47190MedJun 12, 2026
    risk 0.22cvss 4.4epss 0.00

    IPAM is the IP address Manager for Cluster API Provider Metal3. Prior to versions 1.11.7, 1.12.4, and 1.13.0, the IPAM controller's ClusterRole granted full CRUD permissions (create, delete, get, list, patch, update, watch) on core/v1 Secrets. The controller never accesses…

  • CVE-2026-54319Jun 18, 2026
    risk 0.00cvss epss 0.00

    ## Summary A sandbox volume reference (`volumeId`, which may also be a volume name) was forwarded to the runner and used to build the host bind-mount source path without confinement. A reference containing path-traversal sequences could in principle resolve the mount source…

  • CVE-2026-30225Mar 6, 2026
    risk 0.00cvss epss 0.00

    OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction…

  • CVE-2026-27002Feb 19, 2026
    risk 0.00cvss epss 0.00

    OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access.…

  • CVE-2026-23742Jan 16, 2026
    risk 0.00cvss epss 0.00

    Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes…