19 matches found
CVE-2026-21246
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally...
CVE-2026-21246
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally...
CVE-2026-21246 Windows Graphics Component Elevation of Privilege Vulnerability
...
CVE-2021-21246
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the /users/id endpoint there are no security checks enforced so it is possible to retrieve...
CVE-2020-21246
Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote attacker to execute arbitrary code via the news function...
CVE-2025-21246 Windows Telephony Service Remote Code Execution Vulnerability
...
CVE-2025-21246
creationtimestamp | type | source
---|---|---
2025-01-14 17:29:48+00:00 | seen | https://www.thezdi.com/blog/2025/1/14/the-january-2025-security-update-review
2025-01-14 18:18:41+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpufmfccc2f
2025-01-14 20:41:11+00:00 | seen | ...
CVE-2024-21246
Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware component: OSB Core Functionality. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Bus...
CVE-2024-21246
...
CVE-2023-21246
In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21246
CVE-2023-21246 affects Android’s ShortcutInfo.java. The issue: an uncaught exception could allow an app to retain notification listening access, enabling local elevation of privilege with no extra execution privileges and no user interaction required. Public details in NVD/NVD-linked entries conf...
CVE-2020-21246
Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote attacker to execute arbitrary code via the news function...
CVE-2020-21246
YiiCMS contains a Cross-Site Scripting vulnerability in version 1.0 (and affecting 1.2.0 and prior) where a malicious user can exploit the NEWS function to execute arbitrary code. The issue is documented across multiple sources (NVD entry CVE-2020-21246, CNVD, GHSA, OSV, GitHub advisories, Red Ha...
CVE-2020-21246
Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote attacker to execute arbitrary code via the news function...
CVE-2020-21246
Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote attacker to execute arbitrary code via the news function...
CVE-2022-21246
CVE-2022-21246 affects Oracle Communications Operations Monitor (Mediation Engine). Affected versions: 3.4, 4.2, 4.3, 4.4 and 5.0. The vulnerability is exploitable with network access via HTTP by a low-privileged attacker; successful exploitation requires minimal user interaction. Impact per sour...
CVE-2021-21246
OneDev before 4.0.3 exposes an insecure REST endpoint: GET /users/{id} lacks authorization checks, enabling retrieval of arbitrary user details and Access Tokens. This permits potential impersonation and sensitive data exposure across projects accessible by the user. The issue is fixed in version...
CVE-2018-21246
creationtimestamp | type | source
---|---|---
2020-06-15 20:55:16+00:00 | seen | https://t.me/cibsecurity/12749...
CVE-2018-21246
Caddy before 0.10.13 mishandles TLS client authentication due to missing StrictHostMatching, enabling an authentication bypass. Affected product: Caddy web server; vulnerability in TLS client auth handling (authentication bypass). CVE-2018-21246 is documented in multiple sources (GHSA, OSV, NVD, ...