Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-280 (不充分权限或特权的处理不恰当) — Vulnerability Class 106

106 vulnerabilities classified as CWE-280 (不充分权限或特权的处理不恰当). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-27910 Windows Installer Elevation of Privilege Vulnerability — Windows 10 Version 1607 7.8 High2026-04-14
CVE-2026-24096 Insufficient permission validation on multiple REST API Quick Setup endpoints — Checkmk 8.8AIHighAI2026-04-01
CVE-2026-2123 Privilege escalation vulnerability in Operations Agent — Operations Agent 7.8 -2026-03-31
CVE-2026-3190 Keycloak: keycloak: information disclosure via improper role enforcement in uma 2.0 protection api — Red Hat build of Keycloak 26.4 4.3 Medium2026-03-26
CVE-2026-21736 GPU DDK - Insufficient permission check in PhysmemWrapExtMem() when write attribute support enabled — Graphics DDK 7.1AIHighAI2026-03-09
CVE-2026-1772 Hitachi Energy RTU500 安全漏洞 — RTU500 series CMU firmware 5.3AIMediumAI2026-02-24
CVE-2026-23857 Dell Update Package Framework 安全漏洞 — Update Package 8.2 High2026-02-12
CVE-2025-67848 Moodle: moodle: authentication bypass via lti provider allows suspended users to gain unauthorized access. 8.1 High2026-02-03
CVE-2026-20817 Windows Error Reporting Service Elevation of Privilege Vulnerability — Windows 10 Version 21H2 7.8 High2026-01-13
CVE-2025-64997 Insufficient permission validation when showing agent information — Checkmk 6.5AIMediumAI2025-12-18
CVE-2025-58770 TCG2 TPM RT Not Locked Issue — AptioV 7.8AIHighAI2025-12-12
CVE-2025-58121 Insufficient permission validation on multiple REST API endpoints — Checkmk 8.8AIHighAI2025-11-18
CVE-2025-58122 Insufficient permission validation when configuring notification parameters — Checkmk 8.1AIHighAI2025-11-18
CVE-2025-58410 GPU DDK - Multiple calls into PhysmemGEMPrimeExport can inherit write access permission for an existing read-only dma_buf import PMR — Graphics DDK 7.8AIHighAI2025-11-17
CVE-2025-62510 FileRise insecure folder visibility via name-based mapping and incomplete ACL checks — FileRise 8.1 High2025-10-20
CVE-2025-62509 FileRise improper ownership/permission validation allowed cross-tenant file operations — FileRise 8.1 High2025-10-20
CVE-2025-62176 Mastadon streaming server allows OAuth clients without the `read` scope to subscribe to public channels — mastodon 4.3 Medium2025-10-13
CVE-2025-45376 Dell Repository Manager 安全漏洞 — Dell Repository Manager (DRM) 7.5 High2025-09-29
CVE-2025-58457 Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands — Apache ZooKeeper 8.8AIHighAI2025-09-24
CVE-2025-59040 Tuleap backlog item representations do not verify the permissions of the child trackers — tuleap 4.3 Medium2025-09-18
CVE-2025-50170 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability — Windows 10 Version 1809 7.8 High2025-08-12
CVE-2025-6573 GPU DDK - RGXFW_CTL.pui8FWScratchBuf Leak/Overwrite — Graphics DDK 5.5 -2025-08-08
CVE-2025-8109 GPU DDK - GPU shader shared memory corrupted using ptrace to disrupt GPU operation — Graphics DDK 7.1AIHighAI2025-08-04
CVE-2025-49731 Microsoft Teams Elevation of Privilege Vulnerability — Microsoft Teams for Android 3.1 Low2025-07-08
CVE-2025-27025 Improper File Access in Infinera G42 — G42 8.8 High2025-07-02
CVE-2025-27024 Improper File Access in Infinera G42 — G42 6.5 Medium2025-07-02
CVE-2025-46708 GPU DDK - Guest VM can delay the FW and GPU from processing workloads from other VMs — Graphics DDK 5.5AIMediumAI2025-06-27
CVE-2025-22256 Fortinet FortiPAM 安全漏洞 — FortiPAM 6.0 Medium2025-06-10
CVE-2025-25179 GPU DDK - Freelist GPU VA can be remapped to another reservation/PMR to trigger GPU arbitrary write to physical memory — Graphics DDK 7.8AIHighAI2025-06-02
CVE-2025-3931 Yggdrasil: local privilege escalation in yggdrasil 7.8 High2025-05-14

Vulnerabilities classified as CWE-280 (不充分权限或特权的处理不恰当) represent 106 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.