VYPR

CWE-269

Improper Privilege Management

ClassDraftLikelihood: Medium

Description

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-122 · CAPEC-233 · CAPEC-58

CVEs mapped to this weakness (1,039)

page 6 of 52
  • CVE-2026-8980CriMay 28, 2026
    risk 0.60cvss epss 0.00

    The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin (operator) and manufacturer accounts via crafted POST requests.

  • CVE-2025-66266CriNov 26, 2025
    risk 0.60cvss epss 0.00

    The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to…

  • CVE-2023-4976CriJul 17, 2024
    risk 0.60cvss epss 0.00

    A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array.

  • CVE-2024-6624CriJul 11, 2024
    risk 0.60cvss 9.8epss 0.03

    The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site.…

  • CVE-2017-5671HigMar 29, 2017
    risk 0.60cvss 8.8epss 0.01

    Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root…

  • CVE-2026-34989CriApr 6, 2026
    risk 0.59cvss 9.0epss 0.00

    CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 31.0.0.0, the application fails to properly sanitize user-controlled input when users update their profile name (e.g., full name…

  • CVE-2026-1492CriMar 3, 2026
    risk 0.59cvss 9.8epss 0.26

    The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the…

  • CVE-2013-10052HigAug 4, 2025
    risk 0.59cvss epss 0.00

    ZPanel includes a helper binary named zsudo, intended to allow restricted privilege escalation for administrative tasks. However, when misconfigured in /etc/sudoers, zsudo can be invoked by low-privileged users to execute arbitrary commands as root. This flaw enables local…

  • CVE-2025-4334CriJun 26, 2025
    risk 0.59cvss 9.8epss 0.02

    The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. This is due to insufficient restrictions on user meta values that can be supplied during registration. This makes it possible for unauthenticated…

  • CVE-2024-33308CriApr 30, 2024
    risk 0.59cvss 9.1epss 0.01

    An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.

  • CVE-2023-2833HigJun 6, 2023
    risk 0.59cvss 8.8epss 0.17

    The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a…

  • CVE-2018-13799CriSep 12, 2018
    risk 0.59cvss 9.1epss 0.02

    A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14.…

  • CVE-2018-1000141CriMar 23, 2018
    risk 0.59cvss 9.1epss 0.01

    I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions.

  • CVE-2017-5142CriFeb 13, 2017
    risk 0.59cvss 9.1epss 0.01

    An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management.

  • CVE-2026-45176HigJun 11, 2026
    risk 0.58cvss epss 0.00

    Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific…

  • CVE-2012-10022HigAug 1, 2025
    risk 0.58cvss epss 0.00

    Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This…

  • CVE-2016-15045HigJul 23, 2025
    risk 0.58cvss epss 0.00

    A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin 15.5) and 0.9.66-1 (Deepin 15.7), the D-Bus configuration permits any user…

  • CVE-2025-0416HigApr 1, 2025
    risk 0.58cvss epss 0.00

    Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege…

  • CVE-2024-57778HigFeb 14, 2025
    risk 0.58cvss 8.8epss 0.01

    An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the servers response from status code 500 to status code 200.

  • CVE-2014-1529HigApr 30, 2014
    risk 0.58cvss 8.8epss 0.04

    The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a…