Lucene search
K

15 matches found

OSV
OSV
added yesterday3 views

GO-2026-5897 Coder vulnerable to workspace auto-creation via crafted URL parameters without user consent in github.com/coder/coder

Coder vulnerable to workspace auto-creation via crafted URL parameters without user consent in github.com/coder/coder...

8.1CVSS5.9AI score
Exploits0References7
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in bluez

Bluetooth HID Hosts in BlueZ may allow an unauthenticated peripheral role HID device to initiate and establish an encrypted connection, and to accept HID keyboard reports. This could potentially allow the injection of HID messages when no user interaction has occurred in the Central role, thereby...

6.3CVSS6.9AI score0.07879EPSS
Exploits8References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS prior to Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 contain security vulnerabilities due to race condition issues, which may allow applications to access the contact...

7.5CVSS5.8AI score0.00306EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/10 7:26 p.m.3 views

PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading

PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.specfromfilelocation and immediately executes module-level code via spec.loader.execmodule without explicit user consent,...

7.8CVSS6.4AI score0.00209EPSS
Exploits0References4Affected Software1
GithubExploit
GithubExploit
added 2026/01/23 12:21 p.m.169 views

CVE-2026-Pending-Claude-Desktop-RCE

CVE-2026-PENDING: Claude Desktop Remote Code Execution via Pri...

7AI score
Exploits0
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.5 views

Ubee EVW327 Cross-site Request Forgery Vulnerability

Ubee EVW327 is a multi-functional cable TV gateway developed by Ubee Company in Taiwan, China. Ubee EVW327 has a vulnerability related to cross-site request forgery. This vulnerability stems from the existence of cross-site request forgery attacks, which may lead to remote access being enabled...

5.3CVSS5.7AI score0.00186EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/10/28 9:7 a.m.3 views

webkitgtk: A website may be able to access sensor information without user consent

A flaw was found in WebKitGTK. A malicious website can obtain access to sensor information without user consent due to improper handling of caches...

6.5CVSS5.7AI score0.00604EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 1:46 a.m.6 views

CVE-2023-20971

In removePermission of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...

7.8CVSS7AI score0.00105EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/31 12:0 a.m.4 views

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS and Apple iPadOS that originates from websites that may be able to access...

6.7CVSS6AI score0.00547EPSS
Exploits0References1
NVD
NVD
added 2025/01/21 11:15 p.m.24 views

CVE-2024-49736

In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS0.00074EPSS
Exploits0References1
OSV
OSV
added 2021/10/11 4:15 p.m.6 views

CVE-2021-0583

In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

7.3CVSS5.9AI score0.00111EPSS
Exploits0References1
CNVD
CNVD
added 2019/03/28 12:0 a.m.3 views

Apple iOS Safari Unauthorized Access Vulnerability

Apple iOS is an operating system developed by Apple Inc. for mobile devices, of which Safari is a specialized component of the Safari browser. An unauthorized access vulnerability exists in the Safari component of Apple iOS versions prior to 12.2. An attacker could use this vulnerability to acces...

6.5CVSS6.1AI score0.01116EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/07/24 9:37 p.m.6 views

Mozilla: Compromised IPC child process can list local filenames

A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox...

6.5CVSS7.4AI score0.03158EPSS
Exploits0References5
OSV
OSV
added 2017/03/08 1:59 a.m.4 views

CVE-2017-0529

An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/...

5.5CVSS7.3AI score0.00412EPSS
Exploits0References4
OSV
OSV
added 2016/11/25 4:59 p.m.3 views

UBUNTU-CVE-2016-6719

An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is...

5.5CVSS7.3AI score0.00342EPSS
Exploits0References3
Rows per page
Query Builder