Lucene search
K

372 matches found

NVD
NVD
added 2025/09/04 7:15 p.m.7 views

CVE-2025-48532

In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITEEXTERNALSTORAGE permission due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.3CVSS0.00078EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/04 6:34 p.m.1 views

CVE-2025-48532

In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITEEXTERNALSTORAGE permission due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

6.3AI score0.00078EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/09/04 6:34 p.m.5 views

CVE-2025-48532

In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITEEXTERNALSTORAGE permission due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.3CVSS5.9AI score0.00078EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/30 6:20 p.m.5 views

CVE-2025-55443

Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details IP/port that are stored in plaintext within log files on the device's external storage. This allows attackers with access to these logs to: 1. Authenticate to the MDM web platfor...

9.1CVSS7AI score0.00226EPSS
Exploits0References1
OSV
OSV
added 2025/08/26 8:15 p.m.1 views

CVE-2025-55443

Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details IP/port that are stored in plaintext within log files on the device's external storage. This allows attackers with access to these logs to: 1. Authenticate to the MDM web platfor...

9.1CVSS5.9AI score0.00226EPSS
Exploits0References1
NVD
NVD
added 2025/08/26 8:15 p.m.6 views

CVE-2025-55443

Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details IP/port that are stored in plaintext within log files on the device's external storage. This allows attackers with access to these logs to: 1. Authenticate to the MDM web platfor...

9.1CVSS0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/26 12:0 a.m.10 views

CVE-2025-55443

Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details IP/port that are stored in plaintext within log files on the device's external storage. This allows attackers with access to these logs to: 1. Authenticate to the MDM web platfor...

0.00226EPSS
Exploits0References1
CVE
CVE
added 2025/08/26 12:0 a.m.31 views

CVE-2025-55443

Affected product: Telpo MDM Android, versions 1.4.6–1.4.9. Vulnerability: Sensitive administrator credentials and MQTT server connection details are stored in plaintext in log files on external storage, enabling access to the MDM web platform to perform administrative operations and to the MQTT s...

9.1CVSS6.6AI score0.00226EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 7:50 a.m.4 views

CVE-2024-11136

The default TCL Camera application exposes a provider vulnerable to path traversal vulnerability. Malicious application can supply malicious URI path and delete arbitrary files from user’s external storage...

8.2CVSS7AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:42 a.m.11 views

CVE-2023-39962

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a malicious user could delete any personal or global external...

7.7CVSS6.7AI score0.00822EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:17 a.m.7 views

CVE-2023-48303

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, admins can change authentication details of user configured external storage...

2.7CVSS6.9AI score0.00671EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:20 a.m.21 views

CVE-2023-38195

Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessible file or directory. This is exploitable only when external SQL Server or PostgreSQL metadata storage is used. Exploitation can only occur from a high-privileged user account...

4.9CVSS6.6AI score0.00432EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:2 a.m.10 views

CVE-2023-33188

Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note's attachments were not properly validated,...

6.3CVSS6.7AI score0.00333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:13 p.m.15 views

CVE-2022-36832

Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege...

4CVSS6.9AI score0.00187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:41 p.m.5 views

CVE-2021-0645

In shouldBlockFromTree of ExternalStorageProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege, allowing an app to read private app directories in external storage, which should be restricted in Android 11, with no additional execution privileges...

7.8CVSS6.2AI score0.0033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:20 p.m.8 views

CVE-2021-24027

A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material...

7.5CVSS6.7AI score0.03805EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:59 p.m.8 views

CVE-2021-0486

In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS7AI score0.00109EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:11 a.m.6 views

CVE-2019-15470

The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app versionCode=27, versionName=8.1.0 that allows other...

5.5CVSS6.6AI score0.00305EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/05/14 5:35 p.m.381 views

Exploit for CVE-2024-37010

CVE-2024-37010 Exploit for the CVE-2024-37010: access other u...

7.4AI score
Exploits1
RedhatCVE
RedhatCVE
added 2025/04/05 6:38 a.m.38 views

CVE-2025-30485

UNIX symbolic link Symlink following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files...

6.2CVSS6.9AI score0.00305EPSS
Exploits0References1
Rows per page
Query Builder