CWE-264(Permissions, Privileges, and Access Controls)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。
| CVE | 公開 | 概要 |
|---|---|---|
| CVE-2026-41974 | 2026-06-09 | Permission control vulnerability in service notifications. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2026-9368 | 2026-05-24 | A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This impacts the function execute_code of the file tools/code_execution_tool.py of the component Environment Variable Handl… |
| CVE-2026-41962 | 2026-05-15 | Permission control vulnerability in the app management and control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2026-6878 | 2026-04-23 | A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate … |
| CVE-2026-6224 | 2026-04-13 | A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javasc… |
| CVE-2026-6117 | 2026-04-12 | A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endp… |
| CVE-2026-20046 | 2026-03-11 | A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of … |
| CVE-2026-28541 | 2026-03-05 | Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-66319 | 2026-03-05 | Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2026-24924 | 2026-02-06 | Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2026-24920 | 2026-02-06 | Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2026-24931 | 2026-02-06 | Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2026-24923 | 2026-02-06 | Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-68967 | 2026-01-14 | Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-66329 | 2025-12-08 | Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-66325 | 2025-12-08 | Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58302 | 2025-11-28 | Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-64315 | 2025-11-28 | Configuration defect vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect app data confidentiality and integrity. |
| CVE-2025-58315 | 2025-11-28 | Permission control vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58312 | 2025-11-28 | Permission control vulnerability in the App Lock module. Impact: Successful exploitation of this vulnerability may affect availability. |
| 日付 | 名称 | バージョン | 重要度 | コメント |
|---|---|---|---|---|
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Relationships, Taxonomy_Mappings |
| 2010-02-16 | CWE Content Team | 1.8 | — | updated References |
| 2011-03-29 | CWE Content Team | 1.12 | — | updated Relationships |
| 2012-10-30 | CWE Content Team | 2.3 | — | updated Potential_Mitigations |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Detection_Factors |
| 2015-12-07 | CWE Content Team | 2.9 | — | updated Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Applicable_Platforms, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships |
| 2018-03-27 | CWE Content Team | 3.1 | — | updated References |
| 2019-06-20 | CWE Content Team | 3.3 | — | updated Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Maintenance_Notes, Relationships |
| 2021-10-28 | CWE Content Team | 4.6 | — | updated Relationships |
| 2022-10-13 | CWE Content Team | 4.9 | — | updated Maintenance_Notes, References |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |