Lucene search
K

124 matches found

Cvelist
Cvelist
added 2025/09/02 10:11 p.m.10 views

CVE-2025-22422

In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be used in another due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

0.00093EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/26 12:22 p.m.2 views

CVE-2025-53813 TCC Bypass via misconfigured Node fuses in Nozbe

The configuration of Nozbe on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Nozbe TCC Transparency, Consent, and Control permissions. Acquired resource access is limited to previously granted permissions...

4.8CVSS7.9AI score0.00119EPSS
Exploits0References2
CVE
CVE
added 2025/08/26 12:22 p.m.13 views

CVE-2025-53813

CVE-2025-53813 affects Nozbe on macOS due to a misconfiguration of the RunAsNode fuse, enabling a local unprivileged attacker to execute code that inherits Nozbe TCC permissions. Acquired resources are limited to user-granted permissions; other access requires a system prompt. The issue is fixed ...

4.8CVSS7.4AI score0.00119EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:42 a.m.2 views

CVE-2024-23203

The issue was addressed with additional permissions checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.5. A shortcut may be able to use sensitive data with certain actions without prompting the user...

7.5CVSS7AI score0.00918EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:9 a.m.5 views

CVE-2024-40836

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, watchOS 10.6. A shortcut may be able to use sensitive data with certain actions without prompting the user...

7.5CVSS5.8AI score0.00555EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:49 a.m.7 views

CVE-2023-32391

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, watchOS 9.5, iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. A shortcut may be able to use sensitive data with certain actions without prompting the user...

4.6CVSS5.4AI score0.00333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:18 a.m.5 views

CVE-2023-27963

The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the use...

7.5CVSS6.2AI score0.00807EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:23 a.m.5 views

CVE-2022-34474

Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox 102...

6.1CVSS6AI score0.00406EPSS
Exploits0References1
NVD
NVD
added 2025/04/08 4:15 p.m.13 views

CVE-2025-32018

Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either directly by the us...

8CVSS0.00351EPSS
Exploits0References1
NVD
NVD
added 2025/03/20 10:15 a.m.7 views

CVE-2024-11300

In lunary-ai/lunary before version 1.6.3, an improper access control vulnerability exists where a user can access prompt data of another user. This issue affects version 1.6.2 and the main branch. The vulnerability allows unauthorized users to view sensitive prompt data by accessing specific URLs...

8.8CVSS0.00671EPSS
Exploits1References2
OSV
OSV
added 2025/03/20 10:9 a.m.3 views

CVE-2024-11167 Improper Access Control in danny-avila/librechat

An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows authenticated users to delete other users' prompts via the groupid parameter. This issue occurs because the endpoint does not verify whether the provided prompt ID belongs to the current user...

9.4CVSS7.2AI score0.00516EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/02/05 11:53 a.m.9 views

CVE-2024-7473

An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3...

7.5CVSS6.4AI score0.00433EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2024/10/07 1:38 a.m.6 views

firefox: Clipboard write permission bypass

The Mozilla Foundation's Security Advisory: An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events...

7.5CVSS7.3AI score0.00426EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/10/07 1:20 a.m.2 views

firefox: Clipboard write permission bypass

The Mozilla Foundation's Security Advisory: An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events...

7.5CVSS7.3AI score0.00426EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/10/03 11:30 a.m.2 views

firefox: Clipboard write permission bypass

The Mozilla Foundation's Security Advisory: An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events...

7.5CVSS7.3AI score0.00426EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/10/03 11:20 a.m.8 views

firefox: Clipboard write permission bypass

The Mozilla Foundation's Security Advisory: An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events...

7.5CVSS7.3AI score0.00426EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2024/10/02 4:14 p.m.15 views

CVE-2024-8900

The Mozilla Foundation's Security Advisory: An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events...

7.5CVSS6.7AI score0.00426EPSS
Exploits0References5
NVD
NVD
added 2024/09/17 7:15 p.m.23 views

CVE-2024-8900

An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox 129, Firefox ESR 128.3, and Thunderbird 128.3...

7.5CVSS0.00426EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2024/09/17 7:15 p.m.14 views

CVE-2024-8900

An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox 129...

6.6AI score0.00426EPSS
Exploits0
CVE
CVE
added 2024/09/17 6:14 p.m.145 views

CVE-2024-8900

CVE-2024-8900 describes a vulnerability where an attacker could write data to the user’s clipboard, bypassing the user prompt, during a specific sequence of navigational events. Affected products and versions per the provided data are Mozilla Firefox before version 129, Firefox ESR before 128.3, ...

7.5CVSS7.5AI score0.00426EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder