Description
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Extended Description
When a resource is given a permission setting that provides access to a wider range of actors than required, it could lead to the exposure of sensitive information, or the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution, or sensitive user data. For example, consider a misconfigured storage account for the cloud that can be read or written by a public or anonymous user.
CVE vulnerabilities with CWE-732 (1,878)
10.0
CVSS
CRITICAL
CVE-2026-9508
pub. 2026-05-29
10.0
CVSS
CRITICAL
CVE-2025-14988
pub. 2026-01-27
10.0
CVSS
CRITICAL
CVE-2025-69426
pub. 2026-01-09
10.0
CVSS
CRITICAL
CVE-2025-12004
pub. 2025-10-21
10.0
CVSS
CRITICAL
CVE-2014-125121
pub. 2025-07-31
9.9
CVSS
CRITICAL
CVE-2025-46093
pub. 2025-08-04
9.9
CVSS
CRITICAL
CVE-2025-0066
pub. 2025-01-14
9.9
CVSS
CRITICAL
CVE-2024-5618
pub. 2024-07-18
9.9
CVSS
CRITICAL
CVE-2023-40622
pub. 2023-09-12
9.9
CVSS
CRITICAL
CVE-2022-28802
pub. 2022-09-21
9.9
CVSS
CRITICAL
CVE-2021-33509
pub. 2021-05-21
9.8
CVSS
CRITICAL
CVE-2025-8042
pub. 2025-08-19
9.8
CVSS
CRITICAL
CVE-2025-45150
pub. 2025-08-01
9.8
CVSS
CRITICAL
CVE-2025-43243
pub. 2025-07-30
9.8
CVSS
CRITICAL
CVE-2025-25373
pub. 2025-03-25
9.8
CVSS
CRITICAL
CVE-2024-57520
pub. 2025-02-05
9.8
CVSS
CRITICAL
CVE-2024-41647
pub. 2024-12-06
9.8
CVSS
CRITICAL
CVE-2024-10018
pub. 2024-10-16
9.8
CVSS
CRITICAL
CVE-2024-24117
pub. 2024-10-02
9.8
CVSS
CRITICAL
CVE-2024-8039
pub. 2024-09-14
Showing 20 of 1,878 vulnerabilities