CWE-1220 — Vulnerability Class 68

68 vulnerabilities classified as CWE-1220. AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-38743	Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities — Apache Airflow	4.3^AI	Medium^AI	2026-04-24
CVE-2026-40690	Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users — Apache Airflow	4.3^AI	Medium^AI	2026-04-24
CVE-2026-6388	Argocd-image-updater: argocd image updater: cross-namespace privilege escalation via insufficient namespace validation — Red Hat OpenShift GitOps	9.1	Critical	2026-04-15
CVE-2026-33825	Microsoft Defender Elevation of Privilege Vulnerability — Microsoft Defender Antimalware Platform	7.8	High	2026-04-14
CVE-2025-20628	Insufficient granularity of access control for Remote Connector Servers in client mode — PingIDM	5.9^AI	Medium^AI	2026-04-07
CVE-2026-20107	Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability — Cisco Application Policy Infrastructure Controller (APIC)	5.5	Medium	2026-02-25
CVE-2025-48514	AMD Processors 安全漏洞 — AMD EPYC™ 9004 Series Processors	2.3^AI	Low^AI	2026-02-10
CVE-2025-48517	AMD EPYC 9005 Series 安全漏洞 — AMD EPYC™ 9005 Series Processors	3.2^AI	Low^AI	2026-02-10
CVE-2024-4147	Insufficient Access Control in lunary-ai/lunary — lunary-ai/lunary	4.3^AI	Medium^AI	2026-02-02
CVE-2025-11246	Insufficient Granularity of Access Control in GitLab — GitLab	5.4	Medium	2026-01-09
CVE-2025-8306	Improper Access Control in Asseco Infomedica Plus — InfoMedica Plus	8.8	-	2026-01-08
CVE-2025-20305	Cisco Identity Services Engine 安全漏洞 — Cisco Identity Services Engine Software	4.3	Medium	2025-11-05
CVE-2025-8049	Insufficient Access Control vulnerability has been discovered in OpenText Flipper. — Flipper	7.8^AI	High^AI	2025-10-20
CVE-2025-8053	Insufficient access control vulnerability has been discovered in Opentext Flipper. — Flipper	8.8^AI	High^AI	2025-10-20
CVE-2025-54461	ChatLuck 安全漏洞 — ChatLuck	9.1^AI	Critical^AI	2025-10-16
CVE-2025-7493	Freeipa: idm: privilege escalation from host to domain admin in freeipa — Red Hat Enterprise Linux 10	9.1	Critical	2025-09-30
CVE-2024-21947	AMD Embedded Processors和AMD Client Processor 安全漏洞 — AMD Ryzen™ Threadripper™ 3000 Processors	7.5	High	2025-09-06
CVE-2025-31961	HCL Connections is vulnerable to broken access control — Connections	3.7	Low	2025-08-15
CVE-2025-2498	Insufficient Granularity of Access Control in GitLab — GitLab	3.1	Low	2025-08-13
CVE-2025-7001	Insufficient Granularity of Access Control in GitLab — GitLab	4.3	Medium	2025-07-24
CVE-2025-3648	Data Inference in Now Platform via Conditional ACLs — Now Platform	5.3^AI	Medium^AI	2025-07-08
CVE-2025-27026	Improper Access Control Granularity impacting Infinera G42 — G42	4.9	Medium	2025-07-02
CVE-2025-4404	Freeipa: idm: privilege escalation from host to domain admin in freeipa	9.1	Critical	2025-06-17
CVE-2025-5982	Insufficient Granularity of Access Control in GitLab — GitLab	3.7	Low	2025-06-12
CVE-2025-1110	Insufficient Granularity of Access Control in GitLab — GitLab	2.7	Low	2025-05-22
CVE-2025-4979	Insufficient Granularity of Access Control in GitLab — GitLab	4.9	Medium	2025-05-22
CVE-2025-32703	Visual Studio Information Disclosure Vulnerability — Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)	5.5	Medium	2025-05-13
CVE-2025-1278	Insufficient Granularity of Access Control in GitLab — GitLab	5.3	Medium	2025-05-09
CVE-2025-2408	Insufficient Granularity of Access Control in GitLab — GitLab	5.3	Medium	2025-04-10
CVE-2024-33058	Insufficient Granularity of Access Control in Core — Snapdragon	7.5	High	2025-04-07

Vulnerabilities classified as CWE-1220 represent 68 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-1220 — Vulnerability Class 68