25 matches found
CVE-2026-42843 grav-plugin-api: Grav API Privilege Escalation to Super Admin
Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. Prior to 1.0.0-beta.15, an insecure direct object reference and logic flaw in the Grav API plugin UsersController::update allows any...
EUVD-2021-26348
Malware in sbrugna...
EUVD-2020-6276
Malware in sbrugna...
EUVD-2018-19638
Malware in sbrugna...
CVE-2025-20997
Incorrect default permission in Framework for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to reset some configuration of Galaxy Watch...
CVE-2022-23139
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for users to ignore the modification of the file permission configuration, so that low-authority accounts could...
CVE-2020-14117
An improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content...
CVE-2024-8039
Improper permission configurationDomain configuration vulnerability of the mobile application com.afmobi.boomplayer can lead to account takeover risks...
Design/Logic Flaw
Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue...
CVE-2023-51650 Unauthorized access vulnerability on three interfaces
Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue...
Information Disclosure
github.com/goreleaser/nfpm is vulnerable to Information Disclosure. The vulnerability exists due to improper permission configuration in files and folders which allows an attacker access to the package on the file system...
CVE-2022-23139
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for users to ignore the modification of the file permission configuration, so that low-authority accounts could...
Design/Logic Flaw
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for users to ignore the modification of the file permission configuration, so that low-authority accounts could...
Xiaomi Content Center APP incorrect permission configuration vulnerability
Xiaomi Content Center is a content center of Xiaomi China, Inc. An incorrect permission configuration vulnerability exists in Xiaomi Content Center APP, which is caused by the lack of proper permission validation in Xiaomi Content Center APP, and can be exploited by attacker...
CVE-2020-14117
CVE-2020-14117 pertains to Xiaomi Content Center APP and is linked across multiple sources. The issue is described as an improper permission configuration caused by lack of correct permission verification within the Xiaomi Content Center APP, enabling attackers to invoke sensitive component funct...
CVE-2021-37107
There is an improper memory access permission configuration on ACPU. Successful exploitation of this vulnerability may cause out-of-bounds access...
CVE-2021-39992
CVE-2021-39992 affects Huawei EMUI (Android-based) via a vulnerability in ACPU caused by a security privilege misconfiguration. The issue potentially allows code execution with high impact on confidentiality, integrity, and availability, given the CVSS 3.1 metrics (LOCAL access, LOW privileges re...
Node.js 12.x < 12.22.2 / 14.x < 14.17.2 / 16.x < 16.4.1 Multiple Vulnerabilities
The version of Node.js installed on the remote host is prior to 12.22.2, 14.17.2, 16.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the July 2021 Security Releases advisory. - Node.js is vulnerable to out-of-bounds read in libuv's uv__idna_toascii function which is used...
Feeds JSONPath Parser - Critical - Unsupported - SA-CONTRIB-2019-083
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported Update: Feeds Jsonpat...
CVE-2018-7926
Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific...