CVE-2025-22424

In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2026-0009

In multiple locations, there is a possible tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0045

In btajvrfcommconnect of btajvact.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0076

In validateNode of ResourceTypes.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0075

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0078

In setGlobalProxy of DevicePolicyManagerService.java, there is a possible desync in persistence due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0036

In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-26418

In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...

CVE-2025-48649

In multiple locations, there is a possible way to reset user-selected permissions selections due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48652

In performPreInstallChecks of InstallRepository.kt, there is a possible way to bypass MDM policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Guten Free Options - Cross Site Scripting

Guten Free Options WordPress plugin = 0.9.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click malicious link. id: CVE-2024-13492 info: name: Guten Free...

mooSocial 3.1.8 - External Service Interaction

mooSocial 3.1.8 is vulnerable to external service interaction via multiple parameters in the post function. id: CVE-2023-43323 info: name: mooSocial 3.1.8 - External Service Interaction author: ritikchaddha severity: medium description: | mooSocial 3.1.8 is vulnerable to external service...

Skype for Business 2019 (SfB) - Blind Server-side Request Forgery

Skype Pre-Auth Server-side Request Forgery SSRF vulnerability id: CVE-2023-41763 info: name: Skype for Business 2019 SfB - Blind Server-side Request Forgery author: hateshape severity: medium description: | Skype Pre-Auth Server-side Request Forgery SSRF vulnerability impact: | Unauthenticated...

Payara Server - Cross-Site Scripting

Payara Server versions 4.1.2.191.54, 5.83.0, 6.34.0, and 7.2026.1 contain a stored XSS vulnerability caused by improper input sanitization in the REST Management Interface. This allows attackers to mislead administrators into changing the admin password via a URL payload; however, the exploit...

CVE-2026-0046

In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48595

In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-35212

OpenCTI vulnerability CVE-2026-35212: XSS in rendering of email-message observable body data due to insufficient sanitization in versions prior to 7.260227.0. The body content is rendered without proper sanitization, requiring user interaction and could be triggered by sharing STIX or ingesters, ...

Malicious code in vg-interaction-model (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis aba91a5b2aeb99e94b28109825a7ac069669d39c12c118fd37d9ef70afe63261 The OpenSSF Package Analysis project identified 'vg-interaction-model' @ 40.0.1 npm as malicious. It is considered malicious because: - The...

MAL-2026-5168 Malicious code in vg-interaction-model (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis aba91a5b2aeb99e94b28109825a7ac069669d39c12c118fd37d9ef70afe63261 The OpenSSF Package Analysis project identified 'vg-interaction-model' @ 40.0.1 npm as malicious. It is considered malicious because: - The...

EUVD-2026-33918

CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to...