46 matches found

GithubExploit
added 2026/05/29 6:28 a.m., 64 views

sqli_exploit

S...

AI score: 5.8
Exploits: 0

NVD
added 2026/03/25 1:17 a.m., 1 view

CVE-2026-28816

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to delete files for which it does not have permission...

CVSS: 4, EPSS: 0.00033
Exploits: 0, References: 3

CVE
added 2026/03/05 8:22 p.m., 7 views

CVE-2026-29077

Frappe (full‑stack web application framework) is affected by CVE-2026-29077 due to a lack of validation when sharing documents, enabling a user to share a document with a permission they themselves do not possess. Affected versions are prior to 15.98.0 and 14.100.0. The issue has been patched in ...

CVSS: 7.1, AI score: 5.8, EPSS: 0.0007
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/02/05 11:38 p.m., 26 views

CVE-2026-23623 Collabora Online vulnerable to Authorization Bypass

Collabora Online is a collaborative online office suite based on LibreOffice technology. Prior to Collabora Online Development Edition version 25.04.08.2 and prior to Collabora Online versions 23.05.20.1, 24.04.17.3, and 25.04.7.5, a user with view-only rights and no download privileges can obtai...

CVSS: 5.3, EPSS: 0.00051
Exploits: 0, References: 1

Vulnrichment
added 2025/11/04 1:16 a.m., 1 view

CVE-2025-43495

The issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to monitor keystrokes without user permission...

AI score: 5.4, EPSS: 0.00035
Exploits: 0, References: 2

Cvelist
added 2025/11/04 1:16 a.m., 4 views

CVE-2025-43495

The issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to monitor keystrokes without user permission...

EPSS: 0.00035
Exploits: 0, References: 2

RedhatCVE
added 2025/10/23 6:14 p.m., 5 views

CVE-2025-22169

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to subscribe to an item/object without having the expected permission level...

CVSS: 5.4, AI score: 6.7, EPSS: 0.00037
Exploits: 0, References: 1

OSV
added 2025/10/22 5:15 p.m., 1 view

CVE-2025-22169

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to subscribe to an item/object without having the expected permission level...

CVSS: 5.4, AI score: 5.7
Exploits: 0, References: 1

CVE
added 2025/10/22 4:30 p.m., 7 views

CVE-2025-22169

CVE-2025-22169 affects Atlassian Jira Align. Multiple connected sources describe an authorization flaw where a low-privilege user can access endpoints that disclose limited sensitive information, including subscribing to an item/object without the expected permissions. This once again confirms an...

CVSS: 5.4, AI score: 6.3, EPSS: 0.00037
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-26826

Malicious code in bioql PyPI...

CVSS: 7.8, AI score: 6.5, EPSS: 0.00012
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-26860

Malicious code in bioql PyPI...

CVSS: 4, AI score: 6.5, EPSS: 0.00009
Exploits: 0, References: 2

OSV
added 2025/09/15 11:15 p.m., 1 view

CVE-2025-43362

The issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26, iOS 18.7 and iPadOS 18.7. An app may be able to monitor keystrokes without user permission...

CVSS: 9.8, AI score: 5.7, EPSS: 0.00137
Exploits: 0, References: 4

NVD
added 2025/09/04 7:15 p.m., 3 views

CVE-2025-48523

In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS: 7.8, EPSS: 0.00012
Exploits: 0, References: 2

Vulnrichment
added 2025/09/04 6:34 p.m., 1 view

CVE-2025-48523

In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score: 6.3, EPSS: 0.00012
Exploits: 0, References: 2

ATTACKERKB
added 2025/09/04 6:34 p.m., 2 views

CVE-2025-48523

In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS: 7.8, AI score: 5.9, EPSS: 0.00012
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2025/09/04 6:34 p.m., 22 views

CVE-2025-48523

CVE-2025-48523 targets Android: the issue occurs in onCreate of SelectAccountActivity.java and allows adding contacts without the required permission due to a logic error. This enables local escalation of privilege with no additional execution privileges and without user interaction. Impact is de...

CVSS: 7.8, AI score: 6.3, EPSS: 0.00012
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2025/09/04 12:0 a.m., 2 views

PT-2025-36050

Name of the Vulnerable Software and Affected Versions: SelectAccountActivity.java affected versions not specified Description: A logic error in the onCreate function of SelectAccountActivity.java may allow adding contacts without the necessary permissions. This could lead to local privilege...

CVSS: 7.8, AI score: 6, EPSS: 0.00012
Exploits: 0, References: 5

OSV
added 2024/06/04 7:15 a.m., 1 view

CVE-2024-20885

Improper component protection vulnerability in Samsung Dialer prior to SMR May-2024 Release 1 allows local attackers to make a call without proper permission...

CVSS: 3.3, AI score: 5.8, EPSS: 0.00153
Exploits: 0, References: 1

OSV
added 2023/09/14 7:15 a.m., 1 view

CVE-2023-4814

A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to...

CVSS: 7.1, AI score: 5.8, EPSS: 0.0005
Exploits: 0, References: 1

OSV
added 2023/09/06 4:15 a.m., 1 view

CVE-2023-30715

Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission...

CVSS: 3.3, AI score: 5.8, EPSS: 0.00148
Exploits: 0, References: 1