15 matches found
CVE-2026-9678
Undici (node) vulnerability CVE-2026-9678: in shared-cache mode, the cache interceptor may misclassify responses as cacheable when Cache-Control uses whitespace-padded private/no-cache directives (e.g., private=" authorization" or no-cache="\tauthorization"). The whitespace is preserved by the pa...
EUVD-2026-23903
OpenMage LTS: Cross-user wishlist import leads to private option & file disclosure...
CVE-2025-48600
In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48600
In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Google Android security vulnerability
Google Android is a Linux-based open source operating system from the American company Google. Google Android suffers from a security vulnerability that stems from a lack of permission checking, which could lead to cross-user information disclosure...
EUVD-2024-54955
Malicious code in bioql PyPI...
EUVD-2025-25856
Malicious code in bioql PyPI...
CVE-2024-49728
In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-49728
In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-49728
In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-0082
In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
PT-2025-43484
Name of the Vulnerable Software and Affected Versions: versions prior to 2025-48600 Description: A missing permission check in multiple files may allow information disclosure across users. Exploitation does not require additional execution privileges or user interaction. This could lead to local...
CVE-2023-21321
In Package Manager, there is a possible cross-user settings disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2025-11051
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The generateFileInfo function within BluetoothOppSendFileInfo.java may allow for cross-user media disclosure due to a confused deputy issue. This could result in local information disclosur...
IBM Tivoli Storage Manager Client Symlink Cross-User Information Disclosure
The version of IBM Tivoli Storage Manager Client installed on the remote Linux host is 5.5.x prior to 6.3.2.6, 6.4.x prior to 6.4.3.3, or 7.1.x prior to 7.1.6. It is, therefore, affected by an information disclosure vulnerability due to creating temporary files insecurely. A local attacker can...