30 matches found
DEBIAN-CVE-2026-5892
Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-5892
Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...
Exploit for Code Injection in Anthropic Claude_Code
Claude Code: MCP Tool Confirmation Prompt Misrepresentation !...
CVE-2024-34730
In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2021-26049
Malware in sbrugna...
EUVD-2021-26095
Malware in sbrugna...
EUVD-2016-7622
Malware in sbrugna...
EUVD-2020-1885
Malware in sbrugna...
EUVD-2021-3065
Malicious code in bioql PyPI...
EUVD-2021-3052
Malicious code in bioql PyPI...
CVE-2025-26417
In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2025-26417
In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-21251
In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user's consent due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...
CVE-2021-39692
In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product:...
CVE-2020-0382
In RunInternal of dumpstate.cpp, there is a possible user consent bypass due to an uncaught exception. This could lead to local information disclosure of bug report data with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...
CVE-2024-34730
In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
The vulnerability in the cursor display implementation of Mozilla Firefox, Firefox ESR, and the Thunderbird email client allows a hacker to obtain arbitrary permissions on a website without user consent.
The vulnerability in the cursor display implementation of Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to an incorrect limitation on the number of layers or frames that can be displayed. Exploiting this vulnerability allows a malicious actor to obtain arbitrary...
CVE-2023-21251
In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user's consent due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...
PT-2022-14672 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-13 Description: A missing permission check in the restorePermissionState function of PermissionManagerServiceImpl.java allows for a possible bypass of user consent. This could lead to local escalati...
CVE-2022-20218
In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...