Lucene search
K

2406 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:0 a.m.4 views

CVE-2023-21081

In multiple functions of PackageInstallerService.java and related files, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...

7.8CVSS6.8AI score0.00096EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:0 a.m.4 views

CVE-2023-20916

In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.8CVSS6.7AI score0.00126EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:50 a.m.4 views

CVE-2023-32750

Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The...

6.5CVSS6.8AI score0.03846EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:26 a.m.5 views

CVE-2023-21396

In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6.8AI score0.00105EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:25 a.m.3 views

CVE-2023-21099

In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS6.8AI score0.00095EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:51 a.m.9 views

CVE-2023-46763

Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously...

5.3CVSS6.8AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:23 a.m.13 views

CVE-2022-34738

The SystemUI module has a vulnerability in permission control. If this vulnerability is successfully exploited, users are unaware of the service running in the background...

7.5CVSS6.9AI score0.00494EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:22 a.m.8 views

CVE-2022-4652

The Video Background WordPress plugin before 2.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.9AI score0.00534EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2025/05/23 12:0 a.m.7 views

The vulnerability of the Background Job Handler component of the software platform based on Git, which is used for collaborative code development on GitLab, allows a malicious actor to cause a system failure.

The vulnerability of the Background Job Handler component of the software platform based on Git, which is used for collaborative code development on GitLab, is related to insufficient memory allocation for operations. Exploiting this vulnerability can allow a malicious actor to cause a system...

4.3CVSS5.5AI score0.00358EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 11:36 p.m.6 views

CVE-2022-20470

In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS6.8AI score0.00182EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:36 p.m.4 views

CVE-2022-20446

In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

3.3CVSS6.6AI score0.00103EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:35 p.m.5 views

CVE-2022-20282

In AppWidget, there is a possible way to start an activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Androi...

7.8CVSS7AI score0.00105EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:34 p.m.3 views

CVE-2022-20197

In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS6.8AI score0.00112EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:32 p.m.3 views

CVE-2022-40886

DedeCMS 5.7.98 has a file upload vulnerability in the background...

7.2CVSS6.6AI score0.01019EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:32 p.m.14 views

CVE-2022-40929

XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case running arbitrary Bash scripts on behalf of users...

9.8CVSS9.4AI score0.01214EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:19 p.m.6 views

CVE-2022-37254

DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting XSS via Background - System - system function - configuration management...

5.4CVSS6.1AI score0.00403EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:54 p.m.9 views

CVE-2022-45407

If an attacker loaded a font using FontFace on a background worker, a use-after-free could have occurred, leading to a potentially exploitable crash. This vulnerability affects Firefox 107...

7.5CVSS6.3AI score0.00627EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:34 p.m.7 views

CVE-2022-2678

A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. It has been declared as critical. This vulnerability affects unknown code of the file adminfeature.php of the component Background Management Page. The manipulation leads to unrestricted upload. The attack can be...

8.8CVSS7.1AI score0.00693EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:20 p.m.12 views

CVE-2022-20356

In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...

7.8CVSS7.1AI score0.00106EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:14 p.m.9 views

CVE-2022-36671

Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API...

7.5CVSS7.5AI score0.00379EPSS
Exploits1References1
Rows per page
Query Builder