56 matches found
PT-2025-36066
Name of the Vulnerable Software and Affected Versions: AccountManagerService affected versions not specified Description: An application may access privileged APIs due to a confused deputy condition within the isSystemUid function of AccountManagerService.java. This could result in local privileg...
CVE-2025-21031
Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs...
CVE-2025-21031
Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs...
CVE-2025-21031
CVE-2025-21031 concerns an improper access control in ImsService prior to Samsung SMR Sep-2025 Release 1, enabling local attackers to invoke privileged APIs. Affected: ImsService on Samsung Mobile devices. Root cause: insufficient access restrictions that permit privileged API usage from local co...
PT-2025-35685
Name of the Vulnerable Software and Affected Versions: ImsService versions prior to SMR Sep-2025 Release 1 Description: An improper access control issue exists in ImsService. This allows local attackers to utilize privileged APIs. Recommendations: Update ImsService to SMR Sep-2025 Release 1 or...
CVE-2025-54997
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing system code or making network connections...
The software of the centralized backup and disaster recovery system of Dell PowerProtect Data Manager is vulnerable due to errors in the use of privileged application programming interfaces (APIs). This vulnerability allows a malicious individual to escalate their privileges.
The vulnerability of the software for centralized backup and disaster recovery management in Dell PowerProtect Data Manager is related to errors when privileged application programming interfaces are used. Exploiting this vulnerability can allow an attacker to gain increased privileges...
SAMSUNG SMR 安全漏洞
SAMSUNG SMR is a system patch package from the South Korean company Samsung SAMSUNG. It provides patches for Samsung mobile applications. SAMSUNG SMR suffers from a security vulnerability that stems from mishandling of insufficient privileges, which could lead to the use of privileged APIs by a...
CVE-2025-23375
Dell PowerProtect Data Manager Reporting, versions 19.17, contains an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
The vulnerability of the XWiki platform for creating collaborative web applications lies in errors that occur when using privileged application programming interfaces (APIs). This allows a malicious individual to gain access to read, modify, and delete user accounts.
The vulnerability of the XWiki Platform relates to errors that occur when using privileged application programming interfaces APIs. Exploiting this vulnerability can allow a malicious actor to gain access to read, modify, and delete user accounts...
Nebula Informatics SecHard 安全漏洞
Nebula Informatics SecHard is a multi-module software for implementing a zero-trust architecture from Nebula Informatics. A security vulnerability exists in versions prior to Nebula Informatics SecHard 3.3.0.20220411 that stems from improper use of privileged APIs, plaintext transfer of sensitive...
PT-2025-12330
Name of the Vulnerable Software and Affected Versions Nebula Informatics SecHard versions prior to 3.3.0.20220411 Description The issue is related to the incorrect use of privileged APIs, cleartext transmission of sensitive information, and insufficiently protected credentials. This allows for...
The vulnerability of the WhatsUp Gold network infrastructure monitoring system, related to errors when using privileged application programming interfaces (APIs), allows a hacker to execute arbitrary code.
The vulnerability of the WhatsUp Gold network infrastructure monitoring system is related to errors when privileged application programming interfaces APIs are used. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the D-Link DSL6740C modem’s microprogramming software lies in errors that occur when privileged application programming interfaces are used. This allows a perpetrator to gain access to the device.
The vulnerability of the D-Link DSL6740C modem’s microprogramming software is related to errors that occur when privileged application programming interfaces APIs are used. Exploiting this vulnerability can allow a malicious actor to gain access to the device by sending a specially crafted API...
Mozilla Firefox ESR < 128.2
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-40 advisory. - Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs...
Security Vulnerabilities fixed in Firefox ESR 128.2 — Mozilla
A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. Internal browser...
CVE-2023-6522
Incorrect Use of Privileged APIs vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3914...
PT-2024-13834
Name of the Vulnerable Software and Affected Versions SoliPay Mobile App versions prior to 5.0.8 Description The issue is related to an Incorrect Use of Privileged APIs, also described as an Improper Privilege Management vulnerability, in the SoliPay Mobile App. This vulnerability allows for the...
PT-2024-1743 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Unicam FX All versions Description: The issue is related to the incorrect use of privileged APIs in the Windows installer agent used by Unicam FX. This could allow an attacker to perform a local privilege escalation attack by exploiting the...
CVE-2023-6151
Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105...