CWE-278 is a common weakness enumeration in software security. This database tracks 5 CVE vulnerabilities classified under this weakness type.

How many CVEs are classified as CWE-278?

There are 5 CVE vulnerabilities classified as CWE-278 with an average CVSS score of 7.14.

What is the severity distribution for CWE-278?

CWE-278 contains 0 critical, 4 high, 0 medium, and 1 low severity vulnerabilities.

CWE-278

Total CVEs

Vulnerabilities

Avg CVSS v3

7.1

High

Latest CVE

2025

Most Recent

Severity Distribution

Critical 0

High 4

80%

Medium 0

Low 1

20%

External References

MITRE CWE

Official CWE definition

NIST NVD

Search CVEs by CWE

All CVEs (5)

Page 1 of 1

CVE-2024-37769

HIGH

CVSS:8.8(High)

Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request.

CWE-2782024

CVE-2024-36538

HIGH

CVSS:8.8(High)

Insecure permissions in chaos-mesh v2.6.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.

CWE-2782024

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate arch...

CWE-2782023

CVE-2025-2947

HIGH

CVSS:7.2(High)

IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host ...

CWE-2782025

CVE-2024-38531

LOW

CVSS:3.6(Low)

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. ...

CWE-2782024

CVE Security Database

CWE-278

Severity Distribution

External References

All CVEs (5)

CVE-2024-37769

CVE-2024-36538

CVE-2023-38497

CVE-2025-2947

CVE-2024-38531