Lucene search
K

15 matches found

NVD
NVD
added 2026/06/17 7:18 p.m.11 views

CVE-2026-53871

Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the getprofilecookie function that accepts unauthenticated profile names from the hermesprofile cookie. An authenticated attacker can forge the hermesprofile cookie value to bypass profile-scoped authorization checks a...

8.6CVSS0.00365EPSS
Exploits0References5
CVE
CVE
added 2026/06/17 5:58 p.m.20 views

CVE-2026-53871

Hermes WebUI prior to version 0.51.368 contains an authorization bypass in get_profile_cookie() that accepts unauthenticated profile names via the hermes_profile cookie. An authenticated attacker can forge the hermes_profile cookie to bypass profile-scoped authorization and access sessions, files...

8.6CVSS5.3AI score0.00365EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/09 5:27 p.m.7 views

CVE-2025-22420

In multiple locations, there is a possible way to leak audio files across user profiles due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6.8AI score0.00071EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-27693

Malicious code in bioql PyPI...

4.3CVSS6.6AI score0.00136EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/05 6:15 a.m.4 views

CVE-2025-21035

Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles...

4.6CVSS6.5AI score0.00208EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/05 12:0 a.m.3 views

SAMSUNG Notes Information Disclosure Vulnerability (CNVD-2025-24709)

SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. SAMSUNG Notes suffers from an information disclosure vulnerability that can be exploited by an attacker to cause data access across user profiles...

4.3CVSS6.3AI score0.00136EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/03 12:0 a.m.4 views

SAMSUNG Notes 安全漏洞

SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. SAMSUNG Notes suffers from an information disclosure vulnerability that can be exploited by an attacker to cause data access across user profiles...

4.3CVSS6.2AI score0.00136EPSS
Exploits0References1
NVD
NVD
added 2025/08/26 11:15 p.m.8 views

CVE-2025-0083

In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

4CVSS0.00091EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/26 10:48 p.m.3 views

CVE-2025-0083

In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5AI score0.00091EPSS
Exploits0References3
CVE
CVE
added 2025/08/26 10:48 p.m.80 views

CVE-2025-0083

CVE-2025-0083 is an information-disclosure vulnerability affecting Google Android, caused by URI double encoding that allows cross-profile content access without extra privileges. The issue is referenced across multiple sources (Android Android framework/system entries in the 2025 Android bulleti...

4CVSS6AI score0.00091EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/05/07 9:15 a.m.9 views

CVE-2025-20966

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles...

4.6CVSS5.8AI score0.00174EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/03/12 12:0 a.m.5 views

PT-2025-11061 · Google · Android

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: A flaw exists that may allow access to content across user profiles due to URI double encoding. This could result in local information disclosure without...

4CVSS5.8AI score0.00091EPSS
Exploits0References7
OSV
OSV
added 2025/02/04 8:15 a.m.4 views

CVE-2025-20884

Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles...

4.6CVSS5.8AI score0.00201EPSS
Exploits0References1
OSV
OSV
added 2024/11/06 3:15 a.m.4 views

CVE-2024-49402

Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles...

4.6CVSS5.8AI score0.00216EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/06 12:0 a.m.5 views

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices SMR Nov-2024 Release 1 prior to version 1, which stems from Dressroom containing an improper...

4.6CVSS6AI score0.00216EPSS
Exploits0References2
Rows per page
Query Builder