14 matches found
EUVD-2026-36713
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and...
CVE-2026-53439
A flaw was found in Jenkins. Missing permission checks allow an attacker with Overall/Read permission to determine other users' configured timezone. This vulnerability also enables the attacker to enumerate the view names of other users' "My Views", leading to information disclosure. Mitigation...
SUSE CVE-2025-22240
Arbitrary directory creation or file deletion. In the findfile method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgtenv” variable. This can be exploited by an attacker to delete any file the Master's process has permissions to...
CVE-2025-64436
KubeVirt is a virtual machine management add-on for Kubernetes. In 1.5.0 and earlier, the permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. This vulnerability could...
Linux Distros Unpatched Vulnerability : CVE-2023-47039
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell cmd.exe...
CVE-2025-41686
CVE-2025-41686 describes a local privilege escalation in which a low-privileged attacker can exploit improper permissions on nssm.exe to gain administrative access. The CVSS v3.1 vector is LOCAL, with LOW privileges required, no user interaction, and a base score of 7.8 (HIGH). Affected component...
PT-2025-25172 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: Rocket.Chat (affected versions not specified). Description: The issue allows bypassing Transparency, Consent, and Control (TCC) policies, enabling the exploitation or abuse of permissions specified in its entitlements, such as microphone, camera,...
CVE-2024-8011
Logitech Options+ on macOS prior to 1.72 allows a local attacker to inject a dynamic library within the Options+ runtime and abuse permissions granted by the user to Options+ such as Camera...
CVE-2024-8011
CVE-2024-8011 affects Logitech Options+ on macOS prior to 1.72. The issue allows a local attacker to inject a dynamic library into the Options+ runtime and abuse user-granted permissions (e.g., Camera). Root cause is the ability to load/execute injected code within the Options+ process while main...
PT-2024-38751 · Logitech · Logitech Options
Name of the Vulnerable Software and Affected Versions: Logitech Options+ versions prior to 1.72 Description: The issue allows a local attacker to inject a dynamic library within the Logitech Options+ runtime and abuse permissions granted by the user, such as access to the Camera. This can lead to...
Apple macOS Sonoma Security Vulnerability
Apple macOS Sonoma is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma version 14.4, which arises from the possibility that rights and privacy permissions granted to this application could be used by malicious applications...
SolarWinds Access Rights Manager Security Vulnerability
SolarWinds Access Rights Manager is a lightweight review management system from SolarWinds. A security vulnerability exists in SolarWinds Access Rights Manager that stems from allowing a user to abuse incorrect folder permissions, which can lead to privilege escalation...
CVE-2022-20277
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
Permission abuse vulnerabilities in the IoT era: attack and defense - bug warning - the black bar safety net
Permission abuse vulnerabilities arise in many scenarios besides debugging on a real Android device, and they are particularly widespread in Internet of Things applications. For example, a smart TV may allow remote debugging over the network,...