12 matches found
CVE-2026-56300 Capgo - Unauthenticated API Key Validity and Permission Oracle via RPC Functions
Capgo before 12.128.2 contains unauthenticated security definer RPC functions getuserid and getorgpermforapikey that expose API key validity oracles and user UUID disclosure. Unauthenticated attackers using the public API key can validate leaked keys, enumerate users and apps, and determine...
Security update for nodejs24
This update for nodejs24 fixes the following issues: Update to 24.14.1 CVE-2026-21637: synchronous exceptions thrown during certain callbacks bypass the standard TLS error handling paths and can cause a denial of service bsc1256576. CVE-2026-21710: uncaught TypeError exception can cause a denial ...
CVE-2022-20272
In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. This could lead to local information disclosure with User privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...
CVE-2023-42676
In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...
CVE-2023-42640
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed...
CVE-2023-40633
In phasecheckserver, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed...
CVE-2023-30918
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...
CVE-2021-23246
In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure...
PT-2020-6810 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.31.x through 1.31.9 MediaWiki versions 1.32.x through 1.34.x before 1.34.4 Description: The issue is related to errors in permission handling in the Special:UserRights component of MediaWiki. This can allow a remote...
JIRA sends in-app notifications to Confluence for restricted comments
If you have a primary application link between JIRA in Confluence, users get a notification in their Confluence workbox everytime someone comments in a ticket the user is watching. Users receive the notification with the text of the comment even when the comment is restricted to other groups,...
CVE-2006-0700
imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions...
ImageVue 0.16.1 - dir.php Folder Permission Disclosure
ImageVue 0.16.1 - dir.php Folder Permission Disclosure source: https://www.securityfocus.com/bid/16594/info ImageVue is prone to multiple vulnerabilities, including unauthorized uploading of files with arbitrary extensions, authentication bypass, information disclosure, and content injection...