14 matches found
CVE-2026-9808
An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints utilizing API Platform. Under certain conditions, roles configured with owner-scope restrictions such as viewown or editown are not properly enforced. This allows low-privilege authenticated API users to bypass...
CVE-2026-9808
An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints utilizing API Platform. Under certain conditions, roles configured with owner-scope restrictions such as viewown or editown are not properly enforced. This allows low-privilege authenticated API users to bypass...
CVE-2026-44998
OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restricted tools to the effective tool set after policy filtering, bypassing profile policies, allow/de...
CVE-2023-21389
In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21389
In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21389
CVE-2023-21389 concerns a bypass of profile owner restrictions in Android Settings due to a missing permission check, enabling local elevation of privilege without extra execution privileges and without user interaction. Multiple connected sources describe this as an Android elevation-of-privileg...
CVE-2023-21389
In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2023-18164 · Settings · Settings
Name of the Vulnerable Software and Affected Versions: Settings affected versions not specified Description: The issue is related to a missing permission check in Settings, allowing for a bypass of profile owner restrictions. This could lead to local escalation of privilege without requiring...
PT-2022-14757 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a missing permission check in the onOptionsItemSelected method of ManageApplications.java, which could allow for a bypass of profile owner restrictions. This might lead to a loc...
CVE-2022-20544
In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product...
CVE-2022-1783
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their...
No restrictions on owner setting params
Handle goatbug Vulnerability details Impact function setMinLicenseFeeuint256 newMinLicenseFee public override onlyOwner minLicenseFee = newMinLicenseFee; function setAuctionDecrementuint256 newAuctionDecrement public override onlyOwner auctionDecrement = newAuctionDecrement; Proof of Concept Both...
DEBIAN-CVE-2015-8748
Radicale before 1.1 allows remote authenticated users to bypass ownerwrite and owneronly limitations via regex metacharacters in the user name, as demonstrated by "."...
Buffer overflow
Radicale before 1.1 allows remote authenticated users to bypass ownerwrite and owneronly limitations via regex metacharacters in the user name, as demonstrated by "."...