CWE-250
Execution with Unnecessary Privileges
Description
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-104 · CAPEC-470 · CAPEC-69
CVEs mapped to this weakness (139)
page 7 of 7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-23528 | 0.00 | — | 0.00 | Jan 16, 2026 | Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting (XSS)… | |||
| CVE-2025-67510 | 0.00 | — | 0.00 | Dec 10, 2025 | Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”),… | |||
| CVE-2025-62402 | 0.00 | — | 0.00 | Oct 30, 2025 | API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available. | |||
| CVE-2025-62503 | 0.00 | — | 0.00 | Oct 30, 2025 | User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action. | |||
| CVE-2025-24814 | 0.00 | — | 0.01 | Jan 27, 2025 | Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization… | |||
| CVE-2024-7041 | 0.00 | — | 0.00 | Oct 9, 2024 | An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint `http://0.0.0.0:3000/api/v1/memories/{id}/update`, where the decentralization design is flawed, allowing attackers to edit other… | |||
| CVE-2024-45034 | 0.00 | — | 0.02 | Sep 7, 2024 | Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to… | |||
| CVE-2023-30617 | 0.00 | — | 0.00 | Jan 3, 2024 | Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all… | |||
| CVE-2023-1943 | — | 0.00 | — | 0.01 | Oct 11, 2023 | Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode. | ||
| CVE-2023-32080 | 0.00 | — | 0.01 | May 10, 2023 | Wings is the server control plane for Pterodactyl Panel. A vulnerability affecting versions prior to 1.7.5 and versions 1.11.0 prior to 1.11.6 impacts anyone running the affected versions of Wings. This vulnerability can be used to gain access to the host system running Wings… | |||
| CVE-2022-39286 | 0.00 | — | 0.01 | Oct 26, 2022 | Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows… | |||
| CVE-2022-21699 | 0.00 | — | 0.01 | Jan 19, 2022 | IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing… | |||
| CVE-2020-27826 | 0.00 | — | 0.01 | May 28, 2021 | A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application. | |||
| CVE-2020-2023 | 0.00 | — | 0.01 | Jun 10, 2020 | Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata… | |||
| CVE-2020-10684 | 0.00 | — | 0.00 | Mar 24, 2020 | A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker… | |||
| CVE-2019-16784 | 0.00 | — | 0.01 | Jan 14, 2020 | In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user (at least more than the current one) which have his "TempPath"… | |||
| CVE-2018-10853 | Hig | 0.00 | 7.0 | 0.00 | Sep 11, 2018 | A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to… | ||
| CVE-2018-10892 | Med | 0.00 | 5.3 | 0.01 | Jul 6, 2018 | The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness. | ||
| CVE-2003-0043 | 0.00 | — | 0.04 | Feb 7, 2003 | Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file. |
- CVE-2026-23528Jan 16, 2026risk 0.00cvss —epss 0.00
Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting (XSS)…
- CVE-2025-67510Dec 10, 2025risk 0.00cvss —epss 0.00
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”),…
- CVE-2025-62402Oct 30, 2025risk 0.00cvss —epss 0.00
API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.
- CVE-2025-62503Oct 30, 2025risk 0.00cvss —epss 0.00
User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action.
- CVE-2025-24814Jan 27, 2025risk 0.00cvss —epss 0.01
Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization…
- CVE-2024-7041Oct 9, 2024risk 0.00cvss —epss 0.00
An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint `http://0.0.0.0:3000/api/v1/memories/{id}/update`, where the decentralization design is flawed, allowing attackers to edit other…
- CVE-2024-45034Sep 7, 2024risk 0.00cvss —epss 0.02
Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to…
- CVE-2023-30617Jan 3, 2024risk 0.00cvss —epss 0.00
Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all…
- CVE-2023-1943Oct 11, 2023risk 0.00cvss —epss 0.01
Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode.
- CVE-2023-32080May 10, 2023risk 0.00cvss —epss 0.01
Wings is the server control plane for Pterodactyl Panel. A vulnerability affecting versions prior to 1.7.5 and versions 1.11.0 prior to 1.11.6 impacts anyone running the affected versions of Wings. This vulnerability can be used to gain access to the host system running Wings…
- CVE-2022-39286Oct 26, 2022risk 0.00cvss —epss 0.01
Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows…
- CVE-2022-21699Jan 19, 2022risk 0.00cvss —epss 0.01
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing…
- CVE-2020-27826May 28, 2021risk 0.00cvss —epss 0.01
A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application.
- CVE-2020-2023Jun 10, 2020risk 0.00cvss —epss 0.01
Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata…
- CVE-2020-10684Mar 24, 2020risk 0.00cvss —epss 0.00
A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker…
- CVE-2019-16784Jan 14, 2020risk 0.00cvss —epss 0.01
In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user (at least more than the current one) which have his "TempPath"…
- risk 0.00cvss 7.0epss 0.00
A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to…
- risk 0.00cvss 5.3epss 0.01
The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.
- CVE-2003-0043Feb 7, 2003risk 0.00cvss —epss 0.04
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.