Description
The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.
CVE vulnerabilities with CWE-648 (66)
9.8
CVSS
CRITICAL
CVE-2024-8785
pub. 2024-12-02
9.8
CVSS
CRITICAL
CVE-2024-11068
pub. 2024-11-11
9.8
CVSS
CRITICAL
CVE-2023-4972
pub. 2023-09-14
9.8
CVSS
CRITICAL
CVE-2022-2023
pub. 2022-06-20
9.8
CVSS
CRITICAL
CVE-2019-14813
pub. 2019-09-06
9.8
CVSS
CRITICAL
CVE-2019-1010178
pub. 2019-07-24
9.4
CVSS
CRITICAL
CVE-2026-9560
pub. 2026-05-26
9.1
CVSS
CRITICAL
CVE-2026-41386
pub. 2026-04-28
9.1
CVSS
CRITICAL
CVE-2024-37018
pub. 2024-05-31
9.1
CVSS
CRITICAL
CVE-2023-29507
pub. 2023-04-16
9.0
CVSS
CRITICAL
CVE-2026-41329
pub. 2026-04-21
9.0
CVSS
CRITICAL
CVE-2025-2311
pub. 2025-03-20
8.8
CVSS
HIGH
CVE-2026-20126
pub. 2026-02-25
8.8
CVSS
HIGH
CVE-2025-54769
pub. 2025-07-29
8.8
CVSS
HIGH
CVE-2025-5997
pub. 2025-07-28
8.8
CVSS
HIGH
CVE-2023-28062
pub. 2023-04-11
8.8
CVSS
HIGH
CVE-2019-14869
pub. 2019-11-15
8.7
CVSS
HIGH
CVE-2026-35663
pub. 2026-04-10
8.7
CVSS
HIGH
CVE-2026-35669
pub. 2026-04-10
8.7
CVSS
HIGH
CVE-2026-35639
pub. 2026-04-09
Showing 20 of 66 vulnerabilities