CVE-2025-55948

This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control RBAC through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests...

CVE-2025-55948

CVE-2025-55948 describes a desynchronization bug in yzcheng90’s X-SpringBoot 6.0 RBAC, arising from dual reliance on frontend menu states and backend permission tables without atomic synchronization. The flaw allows UI to revoke privileges while stale backend permissions still authorize API reque...

Linux Distros Unpatched Vulnerability : CVE-2018-6083

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access...

GHSA-XP75-R577-CVHP Privileged OpenBao Operator May Execute Code on the Underlying Host

Impact Under certain threat models, OpenBao operators with privileged API access may not be system administrators and thus normally lack the ability to update binaries or execute code on the system. Additionally, privileged API operators should be unable to perform TCP connections to arbitrary...

Privileged OpenBao Operator May Execute Code on the Underlying Host

Impact Under certain threat models, OpenBao operators with privileged API access may not be system administrators and thus normally lack the ability to update binaries or execute code on the system. Additionally, privileged API operators should be unable to perform TCP connections to arbitrary...

CVE-2024-34647

Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, and more, from South Korea's Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices SMR Nov-2022 Release 1 version, which stems from an improper authorization vulnerability in...

PT-2022-17170

Name of the Vulnerable Software and Affected Versions Bonita Web version 2021.2 Description Bonita Web 2021.2 is affected by an authentication/authorization bypass due to an overly permissive exclusion pattern within the RestAPIAuthorizationFilter. Appending ;i18ntranslation or /../i18ntranslatio...

CVE-2022-25089

Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEYLOCALMACHINE via UITasks.PersistentRegistryData...