CVE-2026-4868 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user's identity due to imprope...
EUVD-2026-31060
A stored cross-site scripting vulnerability has been found in the Talend Administration Center. An attacker with permission to manage servers can store a XSS payload that can be triggered by a different user...
PT-2026-39161
An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account...
CVE-2026-6915
Technical details (affected product/version, root cause specifics, exploit information) are not publicly provided in the supplied documents. Monitor for updates from official CVE/NVD feeds for additional concrete details.
CVE-2026-3837
An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...
GHSA-FPJ4-9QHX-5M6M DNN: Force Friend Request Acceptance
DNN, formerly DotNetNuke, is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2...
Discourse Information Disclosure Vulnerability
Discourse is an open-source community discussion platform. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from an information disclosure vulnerability that stems from insufficient authorization checks on user-operated...
PT-2026-7520
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.1 through 18.6.6; GitLab CE/EE versions 18.7 through 18.7.4; GitLab CE/EE versions 18.8 through 18.8.4. Description: An issue existed in GitLab CE/EE that, under specific circumstances, could allow an authenticated user to...
CVE-2023-40098
In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification data of another user due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio...
CVE-2025-48604
In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-32329
In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2025-48591
In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-32329
CVE-2025-32329 affects Android Framework (Session.java). The described issue is a logic error in multiple Session.java functions that can permit viewing images belonging to another user on the device. This leads to local escalation of privilege with no additional execution privileges required and...
PT-2025-49000
Name of the Vulnerable Software and Affected Versions: Android (affected versions not specified). Description: A flaw exists in the Framework component of Android operating systems due to insufficient protection of service data. Exploitation may allow a remote attacker to elevate privileges...
PT-2025-47800
Name of the Vulnerable Software and Affected Versions: AWS Wickr versions prior to 6.62.13. Description: A flaw exists in the call termination process that may allow a call participant to continue receiving audio input from another user after closing their call window. This issue occurs in AWS Wickr...
Redis: Authenticated users can execute Lua scripts as a different user
A code injection vulnerability in Redis Lua scripting where an authenticated user can craft a Lua script to manipulate objects and potentially execute code in another user’s context...
PT-2025-43488
In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2021-7945
Malicious code in bioql PyPI...
CVE-2025-0076
Google Android CVE-2025-0076 describes an information-disclosure flaw where a missing permission check could allow viewing icons belonging to another user. Exploitation requires local access with no user interaction, aligning with the CVSS local access and low impact (C:L, I:N, A:N). Connected so...
CVE-2025-0087
In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...