VYPR

CWE-648

Incorrect Use of Privileged APIs

Abstraction: Base · Status: Incomplete · Likelihood of Exploit: Low

Description

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-107 · CAPEC-234

CVEs mapped to this weakness (31)

page 2 of 2
  • CVE-2025-1161 · High · Dec 10, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation. This issue affects Nomysem: through May 2025.

  • CVE-2026-35625 · High · Apr 9, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local…

  • CVE-2024-53007 · Medium · Jan 31, 2025
    risk 0.42 · cvss 6.4 · epss 0.00

    Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call.

  • CVE-2025-63291 · Medium · Nov 14, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the specified MongoDB object…

  • CVE-2026-22922 · Feb 9, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later,…

  • CVE-2024-46978 · Sep 18, 2024
    risk 0.00 · cvss n/a · epss 0.01

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user to enable/disable it or even delete it. The impact is that the target user…

  • CVE-2023-29507 · Apr 16, 2023
    risk 0.00 · cvss n/a · epss 0.01

    XWiki Commons are technical libraries common to several other top-level XWiki projects. The Document script API directly returns a DocumentAuthors object, allowing any authors to be set on the document, which in consequence can allow subsequent executions of scripts since this author is…

  • CVE-2022-4796 · Dec 28, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4805 · Dec 28, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4687 · Dec 23, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0.

  • CVE-2022-24821 · Apr 8, 2022
    risk 0.00 · cvss n/a · epss 0.01

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed…