29 matches found

OSV
added 5 days ago · 5 views

PYSEC-2026-317 Codechecker has an authentication bypass for certain API calls

Summary: Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker. Details: The following functions are affected under the Authentication endpoint: getAuthorisedNames,...

10 CVSS · 6 AI score · 0.00447 EPSS
Exploits 0 · References 5

CNNVD
added 2026/06/01 12:0 a.m. · 9 views

Google Android security vulnerability

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from the InputInterceptor method in Letterbox.java. This method allows for click hijacking/coverage attacks, potentially leading users to...

6.2 CVSS · 5.3 AI score · 0.00076 EPSS
Exploits 0 · References 2

CNNVD
added 2026/05/29 12:0 a.m. · 7 views

shopper authorization issue vulnerability

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 had authorization-related vulnerabilities. These vulnerabilities stemmed from two authorization flaws in the team settings system: the mount method in Settings/Team/Index was not...

9.9 CVSS · 5.9 AI score · 0.00321 EPSS
Exploits 0 · References 1

Github Security Blog
added 2026/05/05 5:58 p.m. · 10 views

Codechecker has an authentication bypass for certain API calls

Summary: Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker. Details: The following functions are affected under the Authentication endpoint: getAuthorisedNames,...

10 CVSS · 6 AI score · 0.00447 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2026/03/01 12:0 a.m. · 5 views

ASB-A-433251166

Bulletin has no description...

5.7 AI score
Exploits 0

RedhatCVE
added 2026/01/09 11:19 a.m. · 5 views

CVE-2021-22351

There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may induce users to grant permissions on modifying items in the configuration table, causing system exceptions...

8.1 CVSS · 6.7 AI score · 0.00614 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2025-26862

Malicious code in bioql PyPI...

4.4 CVSS · 6.5 AI score · 0.00084 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/09/06 5:21 p.m. · 5 views

CVE-2025-26420

In multiple functions of GrantPermissionsActivity.java, there is a possible way to trick the user into granting the incorrect permission due to permission overload. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

4.4 CVSS · 6.9 AI score · 0.00084 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2025/09/04 5:11 p.m. · 2 views

CVE-2025-26420

In multiple functions of GrantPermissionsActivity.java, there is a possible way to trick the user into granting the incorrect permission due to permission overload. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

4.4 CVSS · 5.6 AI score · 0.00084 EPSS
Exploits 0 · References 3 · Affected Software 1

RedhatCVE
added 2025/05/23 3:7 a.m. · 4 views

CVE-2023-20947

In getGroupState of GrantPermissionsViewModel.kt, there is a possible way to keep a one-time permission granted due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

7.8 CVSS · 6.7 AI score · 0.00098 EPSS
Exploits 0 · References 1

CNNVD
added 2024/10/01 12:0 a.m. · 1 view

Mozilla Firefox security vulnerability

Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of Firefox the web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A security bypass vulnerability exists in multiple Mozilla products, whi...

6.1 CVSS · 9 AI score · 0.00359 EPSS
Exploits 0 · References 8

RedHat Linux
added 2024/08/14 3:3 p.m. · 3 views

mozilla: Document content could partially obscure security prompts

The Mozilla Foundation Security Advisory describes this flaw as: The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions...

8.1 CVSS · 7.2 AI score · 0.00492 EPSS
Exploits 0 · References 5

RedHat Linux
added 2024/08/14 3:3 p.m. · 4 views

mozilla: Document content could partially obscure security prompts

The Mozilla Foundation Security Advisory describes this flaw as: The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions...

8.1 CVSS · 7.2 AI score · 0.00492 EPSS
Exploits 0 · References 5

RedHat Linux
added 2024/08/14 3:2 p.m. · 4 views

mozilla: Document content could partially obscure security prompts

The Mozilla Foundation Security Advisory describes this flaw as: The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions...

8.1 CVSS · 7.2 AI score · 0.00492 EPSS
Exploits 0 · References 5

RedHat Linux
added 2024/08/13 4:39 p.m. · 5 views

mozilla: Document content could partially obscure security prompts

The Mozilla Foundation Security Advisory describes this flaw as: The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions...

8.1 CVSS · 7.2 AI score · 0.00492 EPSS
Exploits 0 · References 5

SUSE CVE
added 2024/07/13 2:47 a.m. · 4 views

SUSE CVE-2024-6607

It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a select element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox 128...

5.4 CVSS · 6.1 AI score · 0.00563 EPSS
Exploits 1 · References 7

OSV
added 2024/05/14 6:15 p.m. · 2 views

UBUNTU-CVE-2024-4768

A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

6.1 CVSS · 7.3 AI score · 0.00539 EPSS
Exploits 1 · References 11

RedHat Linux
added 2024/03/25 8:16 p.m. · 5 views

Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions

The Mozilla Foundation Security Advisory describes this flaw as: A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions...

5.5 CVSS · 7.3 AI score · 0.00609 EPSS
Exploits 1 · References 6

Positive Technologies
added 2024/03/11 12:0 a.m. · 5 views

PT-2024-21755 · Google · Android

Name of the Vulnerable Software and Affected Versions: FaceEnrollFoldPage.java (affected versions not specified). Description: The issue is related to a possible way to access files that the app cannot access due to an Intent Redirect GRANT URI PERMISSIONS Attack. This could lead to local escalation...

7.8 CVSS · 6.7 AI score · 0.0008 EPSS
Exploits 0 · References 4

RedHat Linux
added 2024/02/22 4:51 p.m. · 4 views

Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants

The Mozilla Foundation Security Advisory describes this flaw as: A malicious website could have used a combination of exiting fullscreen mode and requestPointerLock to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting...

6.1 CVSS · 7.3 AI score · 0.00575 EPSS
Exploits 0 · References 6