EUVD-2026-33982

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...

CVE-2026-35447

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...

CVE-2023-30641

Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1 allows physical attacker to use restricted user profile to access device owner's google account data...

CVE-2021-43076

An improper privilege management vulnerability CWE-269 in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell access...

PT-2022-4744 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.2.0 through 6.2.11 FortiOS versions 6.4.0 through 6.4.8 FortiOS versions 7.0.0 through 7.0.5 Description: The issue is related to improper access control, allowing an authenticated attacker with a restricted user profile to...

Superuser "su --daemon" vulnerability on Android >= 4.3

Current releases of the CyanogenMod/ClockWorkMod/Koush Superuser package may allow restricted local users to execute arbitrary commands as root in certain, non-default device configurations. Android 4.3 introduced the concept of "restricted profiles," created through the Settings - Users menu. A...