Lucene search
K

12 matches found

Cvelist
Cvelist
added 2026/06/30 10:8 p.m.22 views

CVE-2026-56300 Capgo - Unauthenticated API Key Validity and Permission Oracle via RPC Functions

Capgo before 12.128.2 contains unauthenticated security definer RPC functions getuserid and getorgpermforapikey that expose API key validity oracles and user UUID disclosure. Unauthenticated attackers using the public API key can validate leaked keys, enumerate users and apps, and determine...

8.7CVSS0.00349EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/04/13 3:54 p.m.6 views

Security update for nodejs24

This update for nodejs24 fixes the following issues: Update to 24.14.1 CVE-2026-21637: synchronous exceptions thrown during certain callbacks bypass the standard TLS error handling paths and can cause a denial of service bsc1256576. CVE-2026-21710: uncaught TypeError exception can cause a denial ...

8.7CVSS6.8AI score0.26356EPSS
Exploits0References36
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 p.m.6 views

CVE-2022-20272

In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. This could lead to local information disclosure with User privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

5.5CVSS6.1AI score0.00096EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/04 12:54 a.m.20 views

CVE-2023-42676

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

5.6AI score0.00095EPSS
Exploits0References1
NVD
NVD
added 2023/11/01 10:15 a.m.25 views

CVE-2023-42640

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

5.5CVSS5.3AI score0.0008EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/08 3:35 a.m.18 views

CVE-2023-40633

In phasecheckserver, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

5.5AI score0.00078EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/07/12 8:31 a.m.16 views

CVE-2023-30918

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

6.4AI score0.0008EPSS
Exploits0References1
NVD
NVD
added 2022/03/11 6:15 p.m.15 views

CVE-2021-23246

In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure...

7.5CVSS0.00933EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/09/25 12:0 a.m.4 views

PT-2020-6810 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.31.x through 1.31.9 MediaWiki versions 1.32.x through 1.34.x before 1.34.4 Description: The issue is related to errors in permission handling in the Special:UserRights component of MediaWiki. This can allow a remote...

9.8CVSS5.7AI score0.04098EPSS
Exploits6References68
Atlassian
Atlassian
added 2014/01/29 3:42 p.m.31 views

JIRA sends in-app notifications to Confluence for restricted comments

If you have a primary application link between JIRA in Confluence, users get a notification in their Confluence workbox everytime someone comments in a ticket the user is watching. Users receive the notification with the text of the comment even when the comment is restricted to other groups,...

1.8AI score
Exploits0Affected Software1
Cvelist
Cvelist
added 2006/02/15 11:0 a.m.23 views

CVE-2006-0700

imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions...

6.6AI score0.0653EPSS
Exploits1References5
exploitpack
exploitpack
added 2006/02/11 12:0 a.m.11 views

ImageVue 0.16.1 - dir.php Folder Permission Disclosure

ImageVue 0.16.1 - dir.php Folder Permission Disclosure source: https://www.securityfocus.com/bid/16594/info ImageVue is prone to multiple vulnerabilities, including unauthorized uploading of files with arbitrary extensions, authentication bypass, information disclosure, and content injection...

7.4AI score
Exploits0
Rows per page
Query Builder