NetworkManager: NetworkManager File Access

A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added t...

CVE-2023-30059

An insecure direct object reference in MK-Auth 23.01K4.9 allows an attacker to access and send support calls for other users by manipulating the chamado parameter via a crafted GET request. The documents do not provide details on exploited versions, specific vectors beyond the parameter manipulat...

CVE-2023-30059

An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request...

CVE-2025-9615

CVE-2025-9615 affects NetworkManager. A flaw allows non-root users to configure the system network and enables access to files owned by other users, since the NetworkManager daemon runs with root privileges. The result is potential exposure of user-owned files due to misconfigured access to netwo...

CVE-2025-41341

CVE-2025-41341 involves a missing authorization vulnerability in CanalDenuncia.app. An attacker can access other users’ information by issuing a POST to /backend/api/buscarUsuarioByDenuncia.php with the parameters id_denuncia and seguro . Affected software is CanalDenuncia.app; the vulnerability’...

CanalDenuncia App 安全漏洞

CanalDenuncia App is a reporting channel application from CanalDenuncia Spain. An information disclosure vulnerability exists in CanalDenuncia App due to incorrect validation of the parameters iddenuncia and iduser authorization in /backend/api/buscarDocumentosByIdDenunciaUsuario.php. An attacker...

PT-2025-45008

Name of the Vulnerable Software and Affected Versions CanalDenuncia.app affected versions not specified Description A lack of authorization exists in CanalDenuncia.app. An attacker can gain access to other users' information by sending a POST request through the email parameter in the...

CVE-2025-52389

An Insecure Direct Object Reference IDOR in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows authenticated attackers to access sensitive data for other users via a crafted HTTP request...

SAMSUNG Video Player 安全漏洞

SAMSUNG Video Player is a built-in system video player application optimized for the Samsung Galaxy series from Samsung South Korea. A security vulnerability exists in SAMSUNG Video Player that originates from improper validation of user input. An attacker could exploit the vulnerability to acces...

CVE-2021-24197

The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by takin...

CVE-1999-0825

The default permissions for UnixWare /var/mail allow local users to read and modify other users' mail...