Threats Tagged 'cwe-250'
View all threats tagged with 'cwe-250'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cwe-250'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-54319: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in daytonaio daytonaCVE-2026-54319 0 CVE-2026-54319 is a path traversal vulnerability in daytonaio's daytona product prior to version 0.186. The issue arises because sandbox volume references used to build host bind-mount source paths were not properly confined, allowing path-traversal sequences to potentially escape the intended directory. This vulnerability has a medium severity with a CVSS score of 4.2 and is fixed in version 0.186. Join the discussion | CVE Database V5 | 06/23/2026, 18:08:54 UTC Added: 06/23/2026, 18:54:13 UTC |
CVE-2026-48584: CWE-250: Execution with Unnecessary Privileges in Microsoft Azure SynapseCVE-2026-48584 0 Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network. Join the discussion | GCVE Database | 06/19/2026, 20:27:48 UTC Added: 06/19/2026, 19:07:11 UTC |
CVE-2026-47190: CWE-250: Execution with Unnecessary Privileges in metal3-io ip-address-managerCVE-2026-47190 0 IPAM is the IP address Manager for Cluster API Provider Metal3. Prior to versions 1.11.7, 1.12.4, and 1.13.0, the IPAM controller's ClusterRole granted full CRUD permissions (create, delete, get, list, patch, update, watch) on core/v1 Secrets. The controller never accesses Secrets during normal operation. If the controller pod were compromised (e.g. via supply chain attack or container escape), an attacker could leverage these excessive permissions to read, modify, or delete Secrets in the namespace, potentially exposing credentials and other sensitive data. This issue has been patched in versions 1.11.7, 1.12.4, and 1.13.0. Join the discussion | CVE Database V5 | 06/12/2026, 14:49:51 UTC Added: 06/12/2026, 15:39:34 UTC |
CVE-2026-11626: CWE-250 Execution with unnecessary privileges in Broadcom Symantec Endpoint Protection CleanWipe Removal ToolCVE-2026-11626 0 A local privilege escalation vulnerability (CWE-250) exists in Broadcom Symantec Endpoint Protection CleanWipe Removal Tool for macOS prior to version 16.0.0.65. This vulnerability allows an attacker with limited privileges to escalate their privileges to administrative level. The CVSS 4.0 base score is 5.4, indicating a medium severity. No patch or official remediation has been confirmed yet. The vulnerability affects versions prior to 16.0.0.65. No known exploits are reported in the wild at this time. Join the discussion | CVE Database V5 | 06/10/2026, 18:47:21 UTC Added: 06/10/2026, 19:16:07 UTC |
CVE-2024-43583: CWE-250: Execution with Unnecessary Privileges in Microsoft Windows 10 Version 1507CVE-2024-43583 0 Winlogon Elevation of Privilege Vulnerability Join the discussion | GCVE Database | 10/08/2024, 17:36:17 UTC Added: 06/09/2026, 19:18:42 UTC |
CVE-2026-46748: CWE-250: Execution with Unnecessary Privileges in Siemens SINEC INSCVE-2026-46748 0 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access. This could allow a local attacker to escalate privileges leading to arbitrary file modification and gaining root privileges on the system. Join the discussion | CVE Database V5 | 06/09/2026, 08:46:55 UTC Added: 06/09/2026, 10:10:51 UTC |
CVE-2025-12694: CWE-250 Execution with unnecessary privileges in Forcepoint VPN ClientCVE-2025-12694 0 A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: versions 6.11.3 and prior. Join the discussion | CVE Database V5 | 06/04/2026, 12:04:33 UTC Added: 06/04/2026, 12:18:50 UTC |
CVE-2026-42061: CWE-250 in Acronis Acronis DeviceLock DLPCVE-2026-42061 0 Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227. Join the discussion | CVE Database V5 | 06/03/2026, 19:26:17 UTC Added: 06/03/2026, 20:18:39 UTC |
CVE-2024-8781: CWE-250 Execution with Unnecessary Privileges in TR7 Application Security Platform (ASP)CVE-2024-8781 0 Execution with Unnecessary Privileges, : Improper Protection of Alternate Path vulnerability in TR7 Application Security Platform (ASP) allows Privilege Escalation, -Privilege Abuse. This issue affects Application Security Platform (ASP): v1.4.25.188. Join the discussion | CVE Database V5 | 11/18/2024, 14:00:49 UTC Added: 06/02/2026, 08:33:44 UTC |
Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.20.9 security, enhancement & bug fix updateCVE-2024-5042 0 Red Hat OpenShift Data Foundation 4.20.9 security, enhancement & bug fix update. Join the discussion | GCVE Database | 04/02/2026, 16:38:29 UTC Added: 05/28/2026, 20:54:07 UTC |
Showing 1 to 10 of 11 results