Skip to main content

CWE-274

Improper Handling of Insufficient Privileges

31 CVEs Avg CVSS 7.3 MITRE
2
CRITICAL
19
HIGH
9
MEDIUM
1
LOW
0
POC
0
KEV

Monthly

CVE-2025-54511 MEDIUM This Month

Improper privilege validation in AMD Secure Processor (ASP) allows authenticated local attackers to write data to restricted memory regions, compromising data integrity and potentially affecting system availability. The vulnerability affects AMD MI-25, MI250, MI210 accelerators and AMD Radeon Pro V520/V620 GPUs. No public exploit code has been identified, but the low attack complexity and authenticated network access vector indicate moderate real-world risk in data center and AI/ML environments where these devices are deployed.

Amd Information Disclosure
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-33005 Maven MEDIUM PATCH This Month

Apache OpenMeetings versions 3.10 through 8.x allow authenticated users to enumerate file and folder metadata across the system through improper access control in web service APIs, exposing file names, IDs, types, and other metadata fields without authorization to access those resources. This affects all Apache OpenMeetings installations from 3.10 before 9.0.0, where any registered user can query arbitrary folder IDs to retrieve metadata listings. The vulnerability requires valid user credentials (low-privilege authenticated access) and poses a moderate information disclosure risk with an EPSS exploitation probability of 0.01% (3rd percentile), indicating minimal real-world exploitation likelihood despite the low attack complexity.

Apache Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2023-20516 LOW Monitor

Improper handling of insufficiency privileges in the ASP could allow a privileged attacker to modify Translation Map Registers (TMRs) potentially resulting in loss of confidentiality or integrity. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-20177 MEDIUM This Month

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Cisco Ios Xr
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20156 CRITICAL This Week

A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Meeting Management
NVD
CVSS 3.1
9.9
EPSS
3.1%
CVE-2024-0106 HIGH This Week

NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nvidia Denial Of Service
NVD
CVSS 3.1
8.7
EPSS
0.2%
CVE-2024-0105 HIGH This Week

NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. Rated high severity (CVSS 8.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nvidia Denial Of Service
NVD
CVSS 3.1
8.9
EPSS
0.3%
CVE-2024-41942 PyPI HIGH PATCH This Week

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Jupyterhub
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-20324 MEDIUM This Month

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure Ios Xe
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-21648 Maven HIGH PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper privilege validation in AMD Secure Processor (ASP) allows authenticated local attackers to write data to restricted memory regions, compromising data integrity and potentially affecting system availability. The vulnerability affects AMD MI-25, MI250, MI210 accelerators and AMD Radeon Pro V520/V620 GPUs. No public exploit code has been identified, but the low attack complexity and authenticated network access vector indicate moderate real-world risk in data center and AI/ML environments where these devices are deployed.

Amd Information Disclosure
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Apache OpenMeetings versions 3.10 through 8.x allow authenticated users to enumerate file and folder metadata across the system through improper access control in web service APIs, exposing file names, IDs, types, and other metadata fields without authorization to access those resources. This affects all Apache OpenMeetings installations from 3.10 before 9.0.0, where any registered user can query arbitrary folder IDs to retrieve metadata listings. The vulnerability requires valid user credentials (low-privilege authenticated access) and poses a moderate information disclosure risk with an EPSS exploitation probability of 0.01% (3rd percentile), indicating minimal real-world exploitation likelihood despite the low attack complexity.

Apache Information Disclosure
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper handling of insufficiency privileges in the ASP could allow a privileged attacker to modify Translation Map Registers (TMRs) potentially resulting in loss of confidentiality or integrity. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Cisco +1
NVD
EPSS 3% CVSS 9.9
CRITICAL This Week

A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Meeting Management
NVD
EPSS 0% CVSS 8.7
HIGH This Week

NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nvidia Denial Of Service
NVD
EPSS 0% CVSS 8.9
HIGH This Week

NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. Rated high severity (CVSS 8.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nvidia Denial Of Service
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Jupyterhub
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +1
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Xwiki
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy