CVE-2026-41903 FreeScout IDOR Vulnerability: PERM_EDIT_USERS allows modifying any user's notification subscriptions (incomplete fix of CVE-2025-48472)

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user holding the PERMEDITUSERS permission intended for general user-profile editing can read and modify the notification subscriptions of any other user, including admins, by sending a...

EUVD-2025-201782

In disassociate of DisassociationProcessor.java, there is a possible way for an app to continue reading notifications when not associated to a companion device due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User...

ASB-A-391895151

In disassociate of DisassociationProcessor.java, there is a possible way for an app to continue reading notifications when not associated to a companion device due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User...

EUVD-2019-7403

Malware in sbrugna...

EUVD-2020-3236

Malware in sbrugna...

EUVD-2023-25278

Malicious code in bioql PyPI...

CVE-2025-59687

IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization...

CVE-2025-48472 FreeScout Vulnerable to Insufficient Authorization

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the mailbox to which they already have access. Moreover, the code explicitly implements functionality that if the user does not have...

CVE-2024-20802

Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment...

CVE-2023-21110

In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2020-10830

An issue was discovered on Samsung mobile devices with P9.0 and Q10.0 software. Attackers can view notifications by entering many PINs in Lockdown mode. The Samsung ID is SVE-2019-16590 March 2020...

CVE-2019-15346

The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service...

CVE-2024-40838

A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15. A malicious app may be able to access notifications from the user's device...

CVE-2024-40838

A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15. A malicious app may be able to access notifications from the user's device...

PT-2024-18708 · Samsung · Samsung Dex

Name of the Vulnerable Software and Affected Versions: Samsung DeX versions prior to SMR Jan-2024 Release 1 Description: The issue is related to improper access control, allowing the owner to access other users' notifications in a multi-user environment. Recommendations: For versions prior to SMR...

CVE-2023-21110

In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2023-21110

In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

PT-2023-4270 · Google · Google Chrome

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 103.0.5060.53 Description: The issue is related to incorrect security UI in Notifications, which can be exploited by a remote attacker to obscure the full screen notification via a crafted HTML page...

CVE-2020-10833

An issue was discovered on Samsung mobile devices with Q10.0 software. The DeX Lockscreen allows attackers to access the quick panel and notifications. The Samsung ID is SVE-2019-16532 March 2020...

CVE-2020-10834

An issue was discovered on Samsung mobile devices with P9.0 software. Attackers can view notifications on the lock screen via Routines. The Samsung ID is SVE-2019-15074 February 2020...