Lucene search
K

20 matches found

Cvelist
Cvelist
added 2026/06/01 9:14 p.m.40 views

CVE-2026-0046

In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00076EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 9:14 p.m.35 views

CVE-2026-0048

Technical details for CVE-2026-0048 are not publicly provided in the supplied documents. The description notes a tapjacking/overlay issue with local privilege escalation, but no concrete affected products, versions, or fixes are disclosed. Monitor for updates.

6.8CVSS5.9AI score0.00075EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/09 5:27 p.m.7 views

CVE-2025-48597

In multiple locations, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6.8AI score0.00074EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/08 6:30 p.m.6 views

EUVD-2025-201767

In multiple functions of HeaderPrivacyIconsController.kt, there is a possible way to grand permissions across user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6.4AI score0.00089EPSS
Exploits0References3
OSV
OSV
added 2025/06/30 3:16 p.m.8 views

BIT-GITLAB-2025-2938 Business Logic Errors in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval...

8.8CVSS5.9AI score0.00266EPSS
Exploits0References3
NVD
NVD
added 2025/06/26 6:15 a.m.5 views

CVE-2025-2938

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval...

8.8CVSS0.00266EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:2 a.m.9 views

CVE-2024-6607

It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox 128 and...

8.8CVSS7.8AI score0.00563EPSS
Exploits1References1
OSV
OSV
added 2024/08/06 1:15 p.m.5 views

UBUNTU-CVE-2024-7523

A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This issue only affects Android versions of Firefox. This vulnerability affects Firefox 129...

8.1CVSS5.6AI score0.0026EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/03/25 8:13 p.m.3 views

Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions

The Mozilla Foundation Security Advisory describes this flaw as: A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions...

5.5CVSS7.3AI score0.00609EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2024/03/07 12:0 a.m.26 views

CentOS 8 : thunderbird (CESA-2024:0964)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2024:0964 advisory. - When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read...

8.1CVSS7.9AI score0.00937EPSS
Exploits1References9
Mageia
Mageia
added 2024/02/27 1:8 a.m.69 views

Updated rootcerts, nss and firefox packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Timing attack against RSA decryption in TLS. CVE-2023-5388 Out-of-bounds memory read in networking channels. CVE-2024-1546 Alert dialog could have been spoofed on another site. CVE-2024-1547 Fullscreen Notification could have been hidden by selec...

8.1CVSS7.6AI score0.00937EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/02/27 12:0 a.m.32 views

RHEL 9 : firefox (RHSA-2024:0983)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0983 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

8.1CVSS7.6AI score0.00937EPSS
Exploits1References18
RedHat Linux
RedHat Linux
added 2024/02/26 8:47 p.m.3 views

Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants

The Mozilla Foundation Security Advisory describes this flaw as: A malicious website could have used a combination of exiting fullscreen mode and requestPointerLock to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/02/26 2:21 a.m.27 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

8.1CVSS7AI score0.00937EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2024/02/26 2:21 a.m.44 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.1CVSS7AI score0.00937EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2024/02/26 2:20 a.m.4 views

Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants

The Mozilla Foundation Security Advisory describes this flaw as: A malicious website could have used a combination of exiting fullscreen mode and requestPointerLock to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/02/26 2:12 a.m.3 views

Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants

The Mozilla Foundation Security Advisory describes this flaw as: A malicious website could have used a combination of exiting fullscreen mode and requestPointerLock to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2022/05/30 12:39 p.m.50 views

Is 3rd Party App Access the New Executable File?

It's no secret that 3rd party apps can boost productivity, enable remote and hybrid work and are overall, essential in building and scaling a company's work processes. An innocuous process much like clicking on an attachment was in the earlier days of email, people don't think twice when connecti...

7.9AI score
Exploits0
OSV
OSV
added 2021/08/05 8:15 p.m.3 views

CVE-2021-29971

If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 90...

9.8CVSS7.4AI score0.01022EPSS
Exploits0References2
OSV
OSV
added 2021/06/30 9:15 p.m.4 views

CVE-2021-22351

There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may induce users to grant permissions on modifying items in the configuration table,causing system exceptions...

8.1CVSS5.8AI score0.00614EPSS
Exploits0References1
Rows per page
Query Builder