29 matches found
PYSEC-2026-317 Codechecker has an authentication bypass for certain API calls
Summary Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker. Details The following functions are affected under the Authentication endpoint: getAuthorisedNames,...
Google Android security vulnerability
Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from the InputInterceptor method in Letterbox.java. This method allows for click hijacking/coverage attacks, potentially leading users to...
shopper authorization issue vulnerability
Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 had authorization-related vulnerabilities. These vulnerabilities stemmed from two authorization flaws in the team settings system: the mount method in Settings/Team/Index was not...
Codechecker has an authentication bypass for certain API calls
Summary Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker. Details The following functions are affected under the Authentication endpoint: getAuthorisedNames,...
ASB-A-433251166
Bulletin has no description...
CVE-2021-22351
There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may induce users to grant permissions on modifying items in the configuration table, causing system exceptions...
EUVD-2025-26862
Malicious code in bioql PyPI...
CVE-2025-26420
In multiple functions of GrantPermissionsActivity.java, there is a possible way to trick the user into granting the incorrect permission due to permission overload. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-20947
In getGroupState of GrantPermissionsViewModel.kt, there is a possible way to keep a one-time permission granted due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
Mozilla Firefox security vulnerability
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of Firefox the web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A security bypass vulnerability exists in multiple Mozilla products, whi...
mozilla: Document content could partially obscure security prompts
The Mozilla Foundation Security Advisory describes this flaw as: The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions...
SUSE CVE-2024-6607
It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a select element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox 128...
UBUNTU-CVE-2024-4768
A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...
Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions
The Mozilla Foundation Security Advisory describes this flaw as: A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions...
PT-2024-21755 · Google · Android
Name of the Vulnerable Software and Affected Versions: FaceEnrollFoldPage.java affected versions not specified Description: The issue is related to a possible way to access files that the app cannot access due to an Intent Redirect GRANT URI PERMISSIONS Attack. This could lead to local escalation...
Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
The Mozilla Foundation Security Advisory describes this flaw as: A malicious website could have used a combination of exiting fullscreen mode and requestPointerLock to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting...