CWE-250 (Execution with Unnecessary Privileges) — Vulnerability Class 233

233 vulnerabilities classified as CWE-250 (Execution with Unnecessary Privileges). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-13506 | Improper Authorization in Nebim Neyir's Nebim V3 ERP — Nebim V3 ERP | 8.8 | High | 2025-12-12 |
| CVE-2025-67510 | MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”) — neuron-ai | 9.4 | Critical | 2025-12-10 |
| CVE-2025-62876 | LightDM KDE Greeter Security Vulnerability — openSUSE | 7.8 | - | 2025-11-12 |
| CVE-2025-9055 | AXIS OS Security Vulnerability — AXIS OS | 6.4 | Medium | 2025-11-11 |
| CVE-2025-46430 | Dell Display and Peripheral Manager Security Vulnerability — Display and Peripheral Manager | 7.3 | High | 2025-11-10 |
| CVE-2025-36186 | IBM Db2 privilege escalation — Db2 | 7.4 | High | 2025-11-07 |
| CVE-2025-10885 | Privilege Escalation Vulnerability — Installer | 7.8 | High | 2025-11-06 |
| CVE-2025-43990 | Dell Command Monitor Security Vulnerability — Command Monitor (DCM) | 7.3 | High | 2025-11-05 |
| CVE-2025-33003 | IBM InfoSphere Information Server is vulnerable to privilege escalation — InfoSphere Information Server | 7.8 | High | 2025-10-31 |
| CVE-2018-25123 | Nagios XI < 5.5.7 Privilege Escalation via MRTG Graphing Component — XI | 7.8 (AI) | High (AI) | 2025-10-30 |
| CVE-2021-47700 | Nagios XI < 5.8.7 Insecure Permissions on Highcharts Temporary Directory — XI | 7.8 (AI) | High (AI) | 2025-10-30 |
| CVE-2025-34274 | Nagios Log Server < 2024R2.0.3 Logstash Process Root Privileges — Log Server | 8.8 (AI) | High (AI) | 2025-10-30 |
| CVE-2025-36137 | IBM Sterling Connect:Direct for UNIX command execution — Sterling Connect:Direct for Unix | 7.2 | High | 2025-10-30 |
| CVE-2025-62402 | Apache Airflow: Airflow 3 API: /api/v2/dagReports executes DAG Python in API — Apache Airflow | 8.0 (AI) | High (AI) | 2025-10-30 |
| CVE-2025-62503 | Apache Airflow: Privilege boundary bypass in bulk APIs (create action can upsert existing Pools/Connections/Variables) — Apache Airflow | 6.5 (AI) | Medium (AI) | 2025-10-30 |
| CVE-2025-43017 | HP ThinPro 8.1 SP8 Security Updates — HP ThinPro 8.1 | 9.4 (AI) | Critical (AI) | 2025-10-28 |
| CVE-2025-6949 | Moxa Multiple Products Security Vulnerability — EDR-G9010 Series | 8.8 (AI) | High (AI) | 2025-10-17 |
| CVE-2025-6894 | Moxa Multiple Products Security Vulnerability — EDR-G9010 Series | 6.4 (AI) | Medium (AI) | 2025-10-17 |
| CVE-2025-6893 | Moxa Multiple Products Security Vulnerability — EDR-G9010 Series | 8.1 (AI) | High (AI) | 2025-10-17 |
| CVE-2025-34515 | Ilevia EVE X1 Server 4.7.18.0.eden Root Privilege Escalation — EVE X1 Server | 9.8 (AI) | Critical (AI) | 2025-10-16 |
| CVE-2025-61909 | Icinga 2 signals sent as root to processes based on PID file written by the Icinga 2 daemon user — icinga2 | 3.3 (AI) | Low (AI) | 2025-10-16 |
| CVE-2025-57780 | F5OS Vulnerability — F5OS - Appliance | 7.8 | High | 2025-10-15 |
| CVE-2025-8486 | Lenovo PC Manager Security Vulnerability — PC Manager | 7.8 | High | 2025-10-15 |
| CVE-2025-59481 | BIG-IP iControl REST and tmsh vulnerability — BIG-IP | 6.5 | Medium | 2025-10-15 |
| CVE-2025-61958 | BIG-IP TMSH vulnerability — BIG-IP | 6.5 | Medium | 2025-10-15 |
| CVE-2025-36356 | IBM Security Verify Access privilege escalation — Security Verify Access Appliance | 9.3 | Critical | 2025-10-06 |
| CVE-2025-58432 | ZimaOS Privilege Escalation using localhost calls to File API Upload — ZimaOS | 7.8 (AI) | High (AI) | 2025-09-17 |
| CVE-2025-58431 | ZimaOS reads arbitrary files using localhost calls to File API Download — ZimaOS | 6.5 (AI) | Medium (AI) | 2025-09-17 |
| CVE-2024-47120 | IBM Security Verify Information Queue code execution — Security Verify Information Queue | 6.4 | Medium | 2025-09-10 |
| CVE-2025-42958 | Missing Authentication check in SAP NetWeaver — SAP NetWeaver | 9.1 | Critical | 2025-09-09 |

Vulnerabilities classified as CWE-250 (Execution with Unnecessary Privileges) represent 233 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.