
1474 matches found

EUVD
added 1 hour ago | 3 views

EUVD-2026-40876

In Modem, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01716533; Issue ID: MSV-6309...

5.8 AI score
Exploits: 0 | References: 2
CVE
added 5 hours ago | 4 views

CVE-2026-20463

In the Modem component, CVE-2026-20463 describes a local privilege escalation caused by a permissions bypass within the modem stack. The vulnerability could allow an attacker who already has System-level access to elevate privileges without user interaction. Mitigation is provided by patch MOLY01...

5.8 AI score
Exploits: 0 | References: 1
EUVD
added 5 days ago | 4 views

EUVD-2026-39774

Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST...

8.8 CVSS | 5.8 AI score | 0.00371 EPSS
Exploits: 0 | References: 4
OSV
added 6 days ago | 3 views

GO-2026-5219 Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs without permissions in github.com/grafana/grafana

Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs without permissions in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this...

5.4 CVSS | 5.8 AI score | 0.00238 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 6 days ago | 5 views

keycloak: Keycloak: Information disclosure due to user profile permission bypass

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied,...

2.7 CVSS | 5.7 AI score | 0.00348 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2026/06/22 9:1 p.m. | 3 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4 CVSS | 7 AI score | 0.00292 EPSS
Exploits: 0 | References: 8
RedHat Linux
added 2026/06/18 5:24 p.m. | 6 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4 CVSS | 5.2 AI score | 0.00292 EPSS
Exploits: 0 | References: 8
EUVD
added 2026/06/17 6:35 p.m. | 8 views

EUVD-2025-210214

In overrideConfig of CarrierConfigLoader.java, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS | 5.5 AI score | 0.00077 EPSS
Exploits: 0 | References: 2
NVD
added 2026/06/17 1:20 p.m. | 11 views

CVE-2026-28615

In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10 CVSS | 0.00123 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/06/17 7:17 a.m. | 28 views

CVE-2026-28615

In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10 CVSS | 0.00123 EPSS
Exploits: 0 | References: 1
CVE
added 2026/06/17 7:17 a.m. | 9 views

CVE-2026-28615

CVE-2026-28615 affects Telecomm and is described as a permissions bypass that could allow initiating an unauthorized phone call, leading to local elevation of privilege without any additional execution privileges or user interaction. Technical details across sources confirm the vulnerability is l...

10 CVSS | 5.6 AI score | 0.00123 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/06/17 7:17 a.m. | 8 views

CVE-2026-28615

In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10 CVSS | 5.5 AI score | 0.00123 EPSS
Exploits: 0 | References: 1
CVE
added 2026/06/17 5:53 a.m. | 3362 views

CVE-2025-48617

CVE-2025-48617 affects Android’s CarrierConfigLoader.java, specifically overrideConfig, enabling a permissions/UID check bypass that could cause local privilege escalation with no additional execution privileges required and no user interaction. The vulnerability is tied to a local attack vector ...

7.8 CVSS | 5.5 AI score | 0.00077 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2026/06/17 12:0 a.m. | 17 views

PT-2026-50484

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.6. Description: Open WebUI allows users with permissions to create, update, or import workspace models to store arbitrary meta.knowledge entries without verifying ownership or read access to the referenced files...

7.1 CVSS | 6 AI score | 0.00198 EPSS
Exploits: 1 | References: 8
Positive Technologies
added 2026/06/17 12:0 a.m. | 12 views

PT-2026-50242

In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10 CVSS | 5.5 AI score | 0.00123 EPSS
Exploits: 0 | References: 3
OSV
added 2026/06/11 7:16 a.m. | 7 views

MAL-2026-5597 Malicious code in 0x2ai-demo9 (npm)

Source: amazon-inspector bb3fa91a9457ef11dc837c301fef1b22dbe1b19f00400215d853958726e1d055. On npm install, the package's postinstall script writes .mcp.json, CLAUDE.md, and a .claude/commands/0x2ai-boot.md slash-command file into the...

5.5 AI score
Exploits: 0 | References: 1
OSV
added 2026/06/11 7:16 a.m. | 9 views

MAL-2026-5591 Malicious code in 0x2ai-demo4 (npm)

Source: amazon-inspector 1893e8cd8ff38936ad388208f98e30cc64a6b1126062e2ff716004338feedf8c. On npm install, the package's postinstall script unconditionally copies its payload/ tree into the user's project directory process.env.INITCWD,...

5.6 AI score
Exploits: 0 | References: 1
CVE
added 2026/06/09 8:46 a.m. | 32 views

CVE-2026-46748

CVE-2026-46748 affects SINEC INS (all versions

8.8 CVSS | 5.5 AI score | 0.00206 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2026/06/05 7:44 p.m. | 11 views

CVE-2026-0050

In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3 CVSS | 5.6 AI score | 0.00068 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/05 7:44 p.m. | 9 views

CVE-2026-0016

In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

3.3 CVSS | 5.6 AI score | 0.00065 EPSS
Exploits: 0 | References: 1