18 matches found
CVE-2026-24885
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce the application/json Content-Type for the...
CVE-2026-24885 Kanboard Affected by Cross-Site Request Forgery (CSRF) via Content-Type Misconfiguration in Project Role Assignment
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce the application/json Content-Type for the...
CVE-2026-2078
A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\PermissionController.java of the component...
CVE-2026-2078
A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\PermissionController.java of the component...
CVE-2026-2078 yeqifu warehouse Permission Management PermissionController.java deletePermission improper authorization
A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\PermissionController.java of the component...
CVE-2026-2078 yeqifu warehouse Permission Management PermissionController.java deletePermission improper authorization
A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\PermissionController.java of the component...
CVE-2026-2078
The CVE-2026-2078 vulnerability affects yeqifu warehouse in the Permission Management component. Specifically, improper authorization exists in PermissionController.java within addPermission, updatePermission, and deletePermission, enabling remote manipulation. Multiple sources confirm the exploi...
CVE-2022-20218
In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:...
studentmanager code injection vulnerability
studentmanager is a student management system by the individual developer ZeroWdd. A code injection vulnerability exists in studentmanager version 1.0, which stems from the parameter url of the file src/main/java/com/zero/system/controller/PermissionController.java that can lead to cross-site...
PT-2025-2029 · Unknown · Zerowdd Studentmanager
Name of the Vulnerable Software and Affected Versions: ZeroWdd studentmanager version 1.0 Description: A vulnerability was found in the submitAddPermission function of the PermissionController.java file. The manipulation of the url argument leads to cross-site scripting. The attack may be initiat...
CVE-2023-21005
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2022-20272
In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. This could lead to local information disclosure with User privileges needed. User interaction is needed for exploitation. Product: Android Versions:...
CVE-2022-20271
In PermissionController, there is a possible way to grant some permissions without user consent due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:...
PT-2022-14496 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible misunderstanding about the default SMS application's permission set due to misleading text in the PermissionController. This could lead to local information disclosur...
PT-2022-14495 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to the PermissionController, where there is a possible way to grant some permissions without user consent due to misleading or insufficient UI. This could lead to local escalation ...
CVE-2022-20218
In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:...
PT-2022-14441 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-12 through Android-12L Description: The issue is caused by a logic error in the PermissionController code, allowing permissions to be obtained and retained without the user's consent. This can lead to local escalation...
PT-2022-11035 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-12L Description: The issue is related to a possible permission bypass in the PermissionController due to an unsafe PendingIntent. This could lead to local information disclosure, requiring User execution privileges fo...