Lucene search
K

67 matches found

SUSE CVE
SUSE CVE
added 2026/06/26 2:10 a.m.6 views

SUSE CVE-2026-53200

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: nv: Fix handling of XN0 when !FEATXNX XN has already been extracted from its bitfield position so using FIELDPREP on the mask that clears XN0 is completely broken, having the effect of unconditionally granting execute...

8.8CVSS5.9AI score0.00129EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.18 views

PT-2026-51606

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.0 Description A user possessing users.edit and API permissions can escalate their privileges by sending a PATCH request to the '/api/v1/users/their own id' endpoint. This allows the user to grant themselves vario...

5.5CVSS5.9AI score0.00182EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.8 views

CVE-2026-0061

In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9CVSS5.6AI score0.00073EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 12:31 a.m.13 views

EUVD-2026-33777

In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00076EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 10:16 p.m.10 views

CVE-2026-0061

In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9CVSS0.00073EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 10:16 p.m.16 views

CVE-2026-0046

In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2CVSS0.00076EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 9:14 p.m.35 views

CVE-2026-0061

In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00073EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 9:14 p.m.24 views

CVE-2026-0061

CVE-2026-0061 involves multiple functions of WindowState.java where a tapjacking/overlay condition could trick a user into accepting a permission. The issue allows local privilege escalation with no additional execution privileges and does not require user interaction for exploitation, per the pr...

5.9CVSS5.9AI score0.00073EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.10 views

CVE-2026-0046

In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00076EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/01 9:14 p.m.33 views

CVE-2026-0048

In hide of WindowState.java, there is a possible way to trick the user into approving permissions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00075EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 9:14 p.m.30 views

CVE-2026-0046

Technical details are not publicly available in the provided connected documents beyond the general CVE-2026-0046 description (InputInterceptor/Letterbox.java, tapjacking/overlay scenario). Monitor for updates.

6.2CVSS5.9AI score0.00076EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.20 views

PT-2026-45580

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description An access control flaw exists within multiple functions of WindowState.java in the Framework component. This issue allows a tapjacking or overlay attack, where a user is tricked into acceptin...

7.2CVSS5.9AI score0.00073EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Firefox and Thunderbird

A missing delay in popup notifications could have allowed an attacker to trick a user into granting permissions. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

8.8CVSS6.7AI score0.00731EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/04 1:57 a.m.6 views

CVE-2026-0007

In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.6CVSS6.1AI score0.00094EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/02 6:42 p.m.7 views

EUVD-2026-9226

In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.1AI score0.00094EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/02 6:42 p.m.4 views

CVE-2026-0007

In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.6CVSS6.1AI score0.00094EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/02 6:42 p.m.31 views

CVE-2026-0007

In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00094EPSS
Exploits0References1
CVE
CVE
added 2026/03/02 6:42 p.m.17 views

CVE-2026-0007

Consolidated sources describe CVE-2026-0007 as a vulnerability in WindowInfo.cpp, writeToParcel, enabling a tapjacking/overlay attack that could grant permissions and allow local elevation of privilege without additional execution privileges. Exploitation details are not provided in the Initial d...

8.6CVSS6.1AI score0.00094EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/10 5:27 p.m.6 views

CVE-2026-25805

Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used withou...

6.4CVSS5.6AI score0.00239EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 10:15 a.m.8 views

CVE-2019-2218

In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for...

7.8CVSS7.1AI score0.00153EPSS
Exploits0References1
Rows per page
Query Builder