VYPR

CWE-269

Improper Privilege Management

ClassDraftLikelihood: Medium

Description

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-122 · CAPEC-233 · CAPEC-58

CVEs mapped to this weakness (1,039)

page 22 of 52
  • CVE-2017-5207HigMar 23, 2017
    risk 0.51cvss 7.8epss 0.00

    Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument.

  • CVE-2017-6401HigMar 2, 2017
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat.

  • CVE-2016-2067HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain…

  • CVE-2016-2066HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.01

    Integer signedness error in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via a…

  • CVE-2016-2061HigJun 13, 2016
    risk 0.51cvss 7.8epss 0.01

    Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory…

  • CVE-2008-2931HigJul 9, 2008
    risk 0.51cvss 7.8epss 0.00

    The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.

  • CVE-2026-46617HigJun 10, 2026
    risk 0.50cvss epss 0.00

    Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, Fission runtime pods were created with ServiceAccountName: fission-fetcher, and the fission-fetcher…

  • CVE-2026-11616HigJun 9, 2026
    risk 0.50cvss 8.8epss 0.00

    The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajax_ayi_action() handler only applying strip_tags(esc_sql()) — with no allow-list — to the attacker-controlled…

  • CVE-2026-44543HigMay 28, 2026
    risk 0.50cvss 8.7epss 0.00

    Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used…

  • CVE-2026-35671HigMay 28, 2026
    risk 0.50cvss 8.8epss 0.00

    phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials…

  • CVE-2026-45716HigMay 27, 2026
    risk 0.50cvss 8.8epss 0.00

    Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured (the default for self-hosted…

  • CVE-2026-8719HigMay 17, 2026
    risk 0.50cvss 8.8epss 0.00

    The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token…

  • CVE-2026-6228HigMay 15, 2026
    risk 0.50cvss 8.8epss 0.00

    The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the…

  • CVE-2026-42844HigMay 12, 2026
    risk 0.50cvss 8.8epss 0.00

    Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then log in as the newly created account with api.super privileges. This…

  • CVE-2026-33821HigMay 12, 2026
    risk 0.50cvss 7.7epss 0.01

    Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-41489HigMay 11, 2026
    risk 0.50cvss 8.8epss 0.00

    Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd (pihole-FTL-prestart.sh and pihole-FTL-poststop.sh) read the files.pid…

  • CVE-2026-24072HigMay 4, 2026
    risk 0.50cvss 8.8epss 0.01

    An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

  • CVE-2026-7641HigMay 2, 2026
    risk 0.50cvss 8.8epss 0.01

    The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the `save_extra_user_profile_fields()` function. This is due to an incomplete blocklist that correctly restricts capability meta…

  • CVE-2026-42426HigApr 28, 2026
    risk 0.50cvss 8.8epss 0.00

    OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attackers with operator.write…

  • CVE-2026-6741HigApr 27, 2026
    risk 0.50cvss 8.8epss 0.00

    The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute() method of the connect-customer-to-wp-user…