89 matches found
PT-2025-20045 · Unknown · Cocktailbarservice
Name of the Vulnerable Software and Affected Versions: CocktailBarService versions prior to SMR May-2025 Release 1 Description: The issue is related to the improper handling of insufficient permissions in CocktailBarService, allowing local attackers to use the privileged API. This enables local...
CVE-2025-0628
An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internal_user_viewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...
LiteLLM Has an Improper Authorization Vulnerability
An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internal_user_viewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...
CVE-2022-4805
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1...
CVE-2024-11068 D-Link DSL6740C - Incorrect Use of Privileged APIs
The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account...
CVE-2024-11068
The CVE-2024-11068 entry concerns the D-Link DSL6740C modem and an Incorrect Use of Privileged APIs vulnerability. Public materials describe that unauthenticated remote attackers can exploit the API to modify any user’s password, enabling access to Web, SSH, and Telnet services under that user’s ...
CVE-2024-34647
Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license...
CVE-2024-34655
Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager...
CVE-2024-34647
CVE-2024-34647 concerns DualDarManagerProxy in Samsung Mobile devices, where an incorrect use of a privileged API allows local attackers to access Knox-related APIs without proper licensing. The vulnerability is described across multiple sources as a local privilege escalation via the Knox API, w...
SAMSUNG Mobile devices Security Vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile devices SMR Sep-2024 Release 1 version and prior versions, which stems from an improper use of a privileged API contained ...
CVE-2024-20883
Incorrect use of privileged API vulnerability in registerBatteryStatsCallback in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API...
CVE-2024-20884
Incorrect use of privileged API vulnerability in getSemBatteryUsageStats in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API...
VulnCheck KEV: CVE-2022-25237
Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API...
CVE-2023-36651
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials...
CVE-2023-6150
Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105...
SGUDA U-Lock Security Vulnerability
SGUDA U-Lock is a smart electronic lock from SGUDA China. A security vulnerability exists in SGUDA U-Lock, which stems from an authorization error in the lock management function of the central locking service. A remote attacker could use this vulnerability to invoke a privileged API to obtain...