Lucene search
K

125 matches found

Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.7 views

PT-2025-36017

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: A logic error in the code within onCreate of NotificationAccessConfirmationActivity.java may lead to local information disclosure. Exploitation does not requi...

5.5CVSS6AI score0.00078EPSS
Exploits0References5
NVD
NVD
added 2025/09/02 11:15 p.m.4 views

CVE-2025-22427

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

7.3CVSS0.00087EPSS
Exploits0References2
OSV
OSV
added 2025/09/02 11:15 p.m.2 views

CVE-2025-22427

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

7.3CVSS5.9AI score0.00087EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/09/02 10:11 p.m.1 views

CVE-2025-22427

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

7.3CVSS5.6AI score0.00087EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/02 10:11 p.m.4 views

CVE-2025-22427

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

6.3AI score0.00087EPSS
Exploits0References2
CVE
CVE
added 2025/09/02 10:11 p.m.432 views

CVE-2025-22427

CVE-2025-22427 affects Android’s NotificationAccessConfirmationActivity.java. A logic error in onCreate could grant notification access above the lock screen, enabling local escalation of privilege with user interaction required. Impact is high (local, high confidentiality/integrity/availability ...

7.3CVSS6.3AI score0.00087EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/09/02 10:11 p.m.5 views

CVE-2025-22427

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

0.00087EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/02 12:0 a.m.7 views

PT-2025-35628

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: A logic error in the code within NotificationAccessConfirmationActivity.java may allow granting notification access above the lock screen. This could lead to local escalation of privilege,...

7.3CVSS6.1AI score0.00087EPSS
Exploits0References5
PyPA
PyPA
added 2025/07/18 3:15 p.m.9 views

PYSEC-2025-181

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GrapQL NotificationLineNotificationMarkReadMutation and NotificationLineNotificationDeleteMutation mutations of OpenCTI allows an authenticated...

5.4CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/07/18 3:5 p.m.7 views

CVE-2025-46732 OpenCTI's GraphQL IDOR enables authenticated users to modify or delete notifications of other users

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GrapQL NotificationLineNotificationMarkReadMutation and NotificationLineNotificationDeleteMutation mutations of OpenCTI allows an authenticated...

5.4CVSS6.6AI score0.00201EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/18 12:0 a.m.13 views

PT-2025-30046 · Opencti · Opencti

Name of the Vulnerable Software and Affected Versions: OpenCTI versions prior to 6.6.6 Description: OpenCTI is a platform for managing cyber threat intelligence knowledge and observables. An IDOR vulnerability exists in the GraphQL NotificationLineNotificationMarkReadMutation and...

5.4CVSS6.1AI score0.00201EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 9:34 a.m.6 views

CVE-2024-0021

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.8CVSS7.1AI score0.00133EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:7 a.m.6 views

CVE-2024-49742

In onCreate of NotificationAccessConfirmationActivity.java , there is a possible way to hide an app with notification access in Settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed f...

7.8CVSS7.1AI score0.00073EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:53 a.m.13 views

CVE-2024-54485

The issue was addressed by adding additional logic. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen...

5.5CVSS7AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:52 a.m.9 views

CVE-2024-47761

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue...

7.5CVSS7AI score0.00508EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:6 a.m.4 views

CVE-2023-21246

In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS6.8AI score0.00174EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:19 a.m.5 views

CVE-2023-21260

In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation...

5.5CVSS6.9AI score0.00074EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:58 a.m.14 views

CVE-2023-35667

In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7AI score0.00083EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:50 a.m.3 views

CVE-2023-21135

In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.8CVSS6.8AI score0.00093EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:36 p.m.4 views

CVE-2022-20493

In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

7.8CVSS6.8AI score0.00218EPSS
Exploits0References1
Rows per page
Query Builder