CWE-265(Privilege Issues)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。
Weaknesses in this category occur with improper handling, assignment, or management of privileges. A privilege is a property of an agent, such as a user. It lets the agent do things that are not ordinarily allowed. For example, there are privileges which allow an agent to perform maintenance functions such as restart a computer.
これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。
| CVE | 公開 | 概要 |
|---|---|---|
| CVE-2026-9368 | 2026-05-24 | A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This impacts the function execute_code of the file tools/code_execution_tool.py of the component Environment Variable Handl… |
| CVE-2026-6878 | 2026-04-23 | A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate … |
| CVE-2026-6224 | 2026-04-13 | A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javasc… |
| CVE-2026-6117 | 2026-04-12 | A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endp… |
| CVE-2025-5874 | 2025-06-09 | A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handle… |
| CVE-2025-5321 | 2025-05-29 | A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view… |
| CVE-2024-2007 | 2024-03-21 | A vulnerability was found in OpenBMB XAgent 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Privileged Mode. The manipulation leads… |
| CVE-2023-5223 | 2023-09-27 | A vulnerability, which was classified as critical, has been found in HimitZH HOJ up to 4.6-9a65e3f. This issue affects some unknown processing of the component Topic Handler. The manipulation leads to… |
| CVE-2023-26122 | 2023-04-11 | All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerabi… |
| CVE-2020-1889 | 2020-09-03 | A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution v… |
| 日付 | 名称 | バージョン | 重要度 | コメント |
|---|---|---|---|---|
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Description, Relationships, Relationship_Notes, Taxonomy_Mappings, Theoretical_Notes |
| 2008-10-14 | CWE Content Team | 1.0.1 | — | updated Description, Research_Gaps, Theoretical_Notes |
| 2009-12-28 | CWE Content Team | 1.7 | — | updated Potential_Mitigations |
| 2010-06-21 | CWE Content Team | 1.9 | — | updated Potential_Mitigations |
| 2011-03-29 | CWE Content Team | 1.12 | — | updated Relationships |
| 2012-10-30 | CWE Content Team | 2.3 | — | updated Potential_Mitigations |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Detection_Factors |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Detection_Factors, Potential_Mitigations, Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Description, Name, Relationships |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Mapping_Notes |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |