Lucene search
K

6 matches found

OSV
OSV
added 2026/06/26 11:33 p.m.3 views

GHSA-HMGP-W9JM-VP95 Subsonic API: any authenticated user can delete or read any other user's playlist (IDOR)

Summary In gonic, the Subsonic API endpoints /rest/deletePlaylist.view and /rest/getPlaylist.view perform no per-resource authorization. Once authenticated as any user admin or not, an attacker can: 1. Delete any playlist owned by any other user including admin by passing its id. 2. Read the full...

7.1CVSS5.8AI score0.00168EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 5:20 a.m.7 views

CVE-2023-21289

In multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.7AI score0.00088EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/30 12:0 a.m.7 views

PT-2023-18169 · Google · Android

Name of the Vulnerable Software and Affected Versions: TelecomServiceImpl.java affected versions not specified Description: The issue is related to a missing permission check in the registerPhoneAccount function of TelecomServiceImpl.java, which could lead to local information disclosure. This...

5.5CVSS5.2AI score0.00097EPSS
Exploits0References8
OSV
OSV
added 2023/10/27 9:15 p.m.5 views

CVE-2023-40123

In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6AI score0.00089EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/10/27 12:0 a.m.7 views

PT-2023-27278 · Google · Android

Name of the Vulnerable Software and Affected Versions: PipMenuView.java affected versions not specified Description: The issue is related to a possible bypass of a multi-user security boundary due to a confused deputy in the updateActionViews of PipMenuView.java. This could lead to local...

5.5CVSS5.1AI score0.00089EPSS
Exploits0References6
OSV
OSV
added 2023/08/14 10:15 p.m.4 views

CVE-2023-21289

In multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6.2AI score
Exploits0References2
Rows per page
Query Builder