15 matches found
CVE-2026-53871
Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the getprofilecookie function that accepts unauthenticated profile names from the hermesprofile cookie. An authenticated attacker can forge the hermesprofile cookie value to bypass profile-scoped authorization checks a...
CVE-2026-53871
Hermes WebUI prior to version 0.51.368 contains an authorization bypass in get_profile_cookie() that accepts unauthenticated profile names via the hermes_profile cookie. An authenticated attacker can forge the hermes_profile cookie to bypass profile-scoped authorization and access sessions, files...
CVE-2025-22420
In multiple locations, there is a possible way to leak audio files across user profiles due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2025-27693
Malicious code in bioql PyPI...
CVE-2025-21035
Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles...
SAMSUNG Notes Information Disclosure Vulnerability (CNVD-2025-24709)
SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. SAMSUNG Notes suffers from an information disclosure vulnerability that can be exploited by an attacker to cause data access across user profiles...
SAMSUNG Notes 安全漏洞
SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. SAMSUNG Notes suffers from an information disclosure vulnerability that can be exploited by an attacker to cause data access across user profiles...
CVE-2025-0083
In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-0083
In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-0083
CVE-2025-0083 is an information-disclosure vulnerability affecting Google Android, caused by URI double encoding that allows cross-profile content access without extra privileges. The issue is referenced across multiple sources (Android Android framework/system entries in the 2025 Android bulleti...
CVE-2025-20966
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles...
PT-2025-11061 · Google · Android
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: A flaw exists that may allow access to content across user profiles due to URI double encoding. This could result in local information disclosure without...
CVE-2025-20884
Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles...
CVE-2024-49402
Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles...
SAMSUNG Mobile devices 安全漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices SMR Nov-2024 Release 1 prior to version 1, which stems from Dressroom containing an improper...