Lucene search
+L

3763 matches found

OSV
OSV
added 2026/06/01 12:0 a.m.9 views

PUB-A-373409261

In smmuattachdev of arm-smmu-v3.c, there is a possible way to sign malicious Android Runtime bootclass artifacts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00067EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 12:0 a.m.13 views

ASB-A-351830787

In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.8CVSS5.9AI score0.00068EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 12:0 a.m.9 views

ASB-A-435188844

In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.001EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from the lack of permission checks in the addInputMethodListener function within com.android.server.inputmethod.InputMethodManagerService. Th...

10CVSS5.3AI score0.00122EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from missing permission checks for multiple functions in AppOpsService.java. This vulnerability may lead to the disclosure of local informati...

3.3CVSS5.3AI score0.00064EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 12:0 a.m.15 views

ASB-A-485397908

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00067EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.13 views

Jenkins AppSpider Plugin 安全漏洞

The Jenkins AppSpider Plugin is an open-source Jenkins application security scanning integration plugin. The Jenkins AppSpider Plugin versions 1.0.17 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of permission checks in the method responsible for form...

4.3CVSS5.8AI score0.00187EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.12 views

PT-2026-43447

Summary An unauthenticated Remote Code Execution vulnerability exists in FUXA when secureEnabled is set to true. The POST /api/runscript endpoint checks authorization against the stored script's permission by ID, but when test: true is set in the request, it compiles and executes attacker-supplie...

9.3CVSS6.3AI score0.00751EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.11 views

WordPress plugin WishList Member 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS5.9AI score0.00258EPSS
Exploits0References3
CVE
CVE
added 2026/05/22 3:39 a.m.21 views

CVE-2026-7249

The CVE-2026-7249 entry pertains to the WordPress Location Weather plugin (versions up to 3.0.2). It lacks capability checks in splw_update_block_options() and lwp_clean_weather_transients(), allowing authenticated contributors+ to disable all weather blocks and purge weather cache transients. Th...

4.3CVSS5.8AI score0.00248EPSS
Exploits0References6
NVD
NVD
added 2026/05/21 9:16 p.m.16 views

CVE-2026-6826

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure via missing permission check in the usage controller. Any unauthenticated visitor can request /ccm/system/dialogs/file/usage/fID with any file ID and receive a list of every page that references that file,...

6.9CVSS0.0025EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 8:57 p.m.8 views

CVE-2026-8205

Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since actiongetevents does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...

6.3CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/21 8:55 p.m.11 views

CVE-2026-6826

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure via missing permission check in the usage controller. Any unauthenticated visitor can request /ccm/system/dialogs/file/usage/fID with any file ID and receive a list of every page that references that file,...

6.9CVSS5.8AI score0.0025EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/21 8:55 p.m.36 views

CVE-2026-6826 Concrete 9.5.0 and below has file usage disclosure via missing permission check in Usage controller

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure via missing permission check in the usage controller. Any unauthenticated visitor can request /ccm/system/dialogs/file/usage/fID with any file ID and receive a list of every page that references that file,...

6.9CVSS0.0025EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 8:55 p.m.8 views

CVE-2026-6826 Concrete 9.5.0 and below has file usage disclosure via missing permission check in Usage controller

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure via missing permission check in the usage controller. Any unauthenticated visitor can request /ccm/system/dialogs/file/usage/fID with any file ID and receive a list of every page that references that file,...

6.9CVSS5.8AI score0.0025EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 8:55 p.m.18 views

CVE-2026-6826

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure due to a missing permission check in the usage controller. An unauthenticated visitor can access /ccm/system/dialogs/file/usage/{fID} with any file ID and obtain a list of every page referencing that file, includi...

6.9CVSS5.8AI score0.0025EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/21 8:55 p.m.4 views

CVE-2026-6826 Concrete 9.5.0 and below has file usage disclosure via missing permission check in Usage controller

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure via missing permission check in the usage controller. Any unauthenticated visitor can request /ccm/system/dialogs/file/usage/fID with any file ID and receive a list of every page that references that file,...

6.9CVSS5.9AI score0.0025EPSS
Exploits0References4
NVD
NVD
added 2026/05/15 10:16 p.m.25 views

CVE-2026-45301

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing permission check in all files related API endpoints allows any authenticated user to list, access and delete every file uploaded by every user to the platform. This...

8.1CVSS0.00273EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/15 9:31 p.m.12 views

Duplicate Advisory: phpMyFAQ's Missing CONFIGURATION_EDIT Permission Check on 12 Admin API Configuration Tab Endpoints Allows Information Disclosure by Any Authenticated User

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pqh6-8fxf-jx22. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use...

5.3CVSS5.3AI score0.00221EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2026/05/15 9:31 p.m.9 views

GHSA-P26V-FX3X-R2RP Duplicate Advisory: phpMyFAQ's Missing CONFIGURATION_EDIT Permission Check on 12 Admin API Configuration Tab Endpoints Allows Information Disclosure by Any Authenticated User

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pqh6-8fxf-jx22. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use...

5.3CVSS5.3AI score0.00221EPSS
Exploits0References3
Rows per page
Query Builder