Lucene search
K

5600 matches found

EUVD
EUVD
added 2026/06/15 12:31 a.m.12 views

EUVD-2026-36668

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

5.3CVSS5.4AI score0.00105EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49175

A vulnerability was found in hcengineering Huly Platform up to 0.7.0. Affected by this vulnerability is the function getAccountInfo of the file server/account/src/operations.ts of the component User Information Handler. The manipulation results in improper authorization. The attack may be launche...

5.3CVSS4.8AI score0.00203EPSS
Exploits0References5
NVD
NVD
added 2026/06/14 11:16 p.m.9 views

CVE-2026-12190

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...

5.3CVSS0.00105EPSS
Exploits0References5
NVD
NVD
added 2026/06/14 11:16 p.m.7 views

CVE-2026-12189

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

5.3CVSS0.00105EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/14 10:45 p.m.29 views

CVE-2026-12190 Genspark AI Workspace App ai.mainfunc.genspark improper authorization in handler for custom url scheme

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...

5.3CVSS0.00105EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/14 10:45 p.m.8 views

CVE-2026-12190 Genspark AI Workspace App ai.mainfunc.genspark improper authorization in handler for custom url scheme

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...

5.3CVSS5.3AI score0.00105EPSS
Exploits0References5
CVE
CVE
added 2026/06/14 10:45 p.m.23 views

CVE-2026-12190

The CVE-2026-12190 entry concerns Genspark AI Workspace App version 2.8.4 on Android, affecting the ai.mainfunc.genspark component. The issue is described as improper authorization in the handler for a custom URL scheme, with exploitation limited to a local environment. The provided documents do ...

5.3CVSS5.5AI score0.00105EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/14 10:30 p.m.7 views

CVE-2026-12189 Moovit Bus & Public Transit App com.tranzmate improper authorization in handler for custom url scheme

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

5.3CVSS5.3AI score0.00105EPSS
Exploits0References6
CVE
CVE
added 2026/06/14 10:30 p.m.22 views

CVE-2026-12189

The CVE-2026-12189 entry concerns Moovit Bus & Public Transit App 1.18 on Android, affecting the com.tranzmate component. The flaw is described as improper authorization in the handler for a custom URL scheme, enabling a local attacker to manipulate the app. Exploitability is local with low attac...

5.3CVSS5.4AI score0.00105EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/14 10:30 p.m.24 views

CVE-2026-12189 Moovit Bus & Public Transit App com.tranzmate improper authorization in handler for custom url scheme

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

5.3CVSS0.00105EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.13 views

PT-2026-49147

Name of the Vulnerable Software and Affected Versions Genspark AI Workspace App version 2.8.4 Description An issue exists in the ai.mainfunc.genspark component of the Android application. Improper authorization occurs within the handler for custom URL schemes, which can be exploited by an attacke...

5.3CVSS5.6AI score0.00105EPSS
Exploits0References7
NVD
NVD
added 2026/06/12 8:16 p.m.12 views

CVE-2026-54357

An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership...

5.1CVSS0.00254EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 7:25 p.m.13 views

CVE-2026-54357 MISP improper authorization allows organization administrators to modify site administrator user settings

An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership...

5.1CVSS5.3AI score0.00254EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 7:25 p.m.32 views

CVE-2026-54357 MISP improper authorization allows organization administrators to modify site administrator user settings

An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership...

5.1CVSS0.00254EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 7:25 p.m.8 views

EUVD-2026-36549

An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership...

5.1CVSS5.2AI score0.00254EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 7:25 p.m.20 views

CVE-2026-54357

CVE-2026-54357 describes an improper authorization flaw in MISP where an authenticated organization administrator could access or modify user settings of site administrators within the same organization. The underlying issue is that access-control checks scoped administrative actions by organizat...

5.1CVSS5.3AI score0.00254EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 7:16 p.m.13 views

CVE-2026-53408

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...

8.1CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 7:16 p.m.16 views

CVE-2026-53407

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...

9.8CVSS0.00231EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 7:16 p.m.12 views

CVE-2026-10715

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...

5.1CVSS0.00215EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 6:22 p.m.11 views

CVE-2026-10715

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type//drafts and overwrite the draft of another user’s post. Affected component: draft autosave f...

5.1CVSS5.4AI score0.00215EPSS
Exploits0References2
Rows per page
Query Builder