15 matches found
CVE-2026-57950
ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control vulnerability in ErpSaleOrderController that allows attackers with erp:sale-out permissions to gain unauthorized access to sale order operations by exploiting an incorrect permission namespace enforcement...
CVE-2025-48653
In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2022-39561
Malicious code in bioql PyPI...
CVE-2022-36861
Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege...
The vulnerability of iCloud Photo Library on macOS operating systems allows a hacker to bypass security restrictions.
The vulnerability of iCloud Photo Library on macOS operating systems is related to errors in the use of standard permissions. Exploiting this vulnerability could allow a remote attacker to bypass security restrictions...
The vulnerability of Google Chrome’s Intents component allows attackers to circumvent existing security restrictions.
The vulnerability of Google Chrome’s Intents component is related to the improper use of standard permissions. Exploiting this vulnerability allows a malicious actor to bypass security restrictions through a specially created HTML page...
Information Disclosure
net-snmp is vulnerable to information disclosure. The package in OpenBSD uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file...
CVE-2022-36861
Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege...
CVE-2022-36861
Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege...
Privilege escalation
Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege...
CVE-2022-36861
Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege...
CVE-2022-36861
CVE-2022-36861 affects Samsung SystemUI prior to SMR Sep-2022 Release 1. It is described as a custom permission misuse that lets an attacker use some protected functions with SystemUI privilege. Root cause: misuse of a custom permission in SystemUI. Impact: potential elevation of privileges withi...
PT-2022-23665 · Systemui · Systemui
Name of the Vulnerable Software and Affected Versions: SystemUI versions prior to SMR Sep-2022 Release 1 Description: The issue concerns a custom permission misuse vulnerability. This vulnerability allows an attacker to use some protected functions with SystemUI privilege. Recommendations: For...
The vulnerability of the Trend Micro HouseCall anti-virus protection for home networks allows attackers to enhance their privileges.
The vulnerability of the Trend Micro HouseCall anti-virus protection for home networks is related to errors in the use of standard permissions. Exploiting this vulnerability can allow attackers to increase their privileges...
phpFileManager 0.9.8 - CSRF Vulnerability
Exploit for php platform in category web applications Exploit Title: CSRF Remote Backdoor Shell Google Dork: intitle: CSRF Remote Backdoor Shell Date: 2015-07-29 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: phpfm.sourceforge.net Software Link:...