15 matches found
GO-2026-5897 Coder vulnerable to workspace auto-creation via crafted URL parameters without user consent in github.com/coder/coder
Coder vulnerable to workspace auto-creation via crafted URL parameters without user consent in github.com/coder/coder...
Astra Linux – Vulnerability in bluez
Bluetooth HID Hosts in BlueZ may allow an unauthenticated peripheral role HID device to initiate and establish an encrypted connection, and to accept HID keyboard reports. This could potentially allow the injection of HID messages when no user interaction has occurred in the Central role, thereby...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS prior to Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 contain security vulnerabilities due to race condition issues, which may allow applications to access the contact...
PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading
PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.specfromfilelocation and immediately executes module-level code via spec.loader.execmodule without explicit user consent,...
CVE-2026-Pending-Claude-Desktop-RCE
CVE-2026-PENDING: Claude Desktop Remote Code Execution via Pri...
Ubee EVW327 Cross-site Request Forgery Vulnerability
Ubee EVW327 is a multi-functional cable TV gateway developed by Ubee Company in Taiwan, China. Ubee EVW327 has a vulnerability related to cross-site request forgery. This vulnerability stems from the existence of cross-site request forgery attacks, which may lead to remote access being enabled...
webkitgtk: A website may be able to access sensor information without user consent
A flaw was found in WebKitGTK. A malicious website can obtain access to sensor information without user consent due to improper handling of caches...
CVE-2023-20971
In removePermission of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...
Apple iOS和Apple iPadOS 安全漏洞
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS and Apple iPadOS that originates from websites that may be able to access...
CVE-2024-49736
In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2021-0583
In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...
Apple iOS Safari Unauthorized Access Vulnerability
Apple iOS is an operating system developed by Apple Inc. for mobile devices, of which Safari is a specialized component of the Safari browser. An unauthorized access vulnerability exists in the Safari component of Apple iOS versions prior to 12.2. An attacker could use this vulnerability to acces...
Mozilla: Compromised IPC child process can list local filenames
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox...
CVE-2017-0529
An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/...
UBUNTU-CVE-2016-6719
An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is...