8 matches found
CVE-2026-55197
Hermes WebUI before 0.51.443 has a broken access control weakness in the /api/session endpoint. Authenticated users can bypass profile boundaries and query session IDs from other profiles via GET /api/session?session_id=&messages=1 to retrieve unauthorized transcripts and metadata. This affects t...
CVE-2025-48566
In multiple locations, there is a possible bypass of user profile boundary with a forwarded intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48566
In multiple locations, there is a possible bypass of user profile boundary with a forwarded intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48566
CVE-2025-48566 is reported in multiple sources (Android bulletin and Red Hat) as a local elevation-of-privilege vulnerability in Android Framework related to bypassing user profile boundaries via a forwarded Intent, caused by improper input validation. The issue affects Android Framework componen...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from the American company Google. A security vulnerability exists in Google Android that stems from improper input validation and could lead to bypassing user profile boundaries...
ASB-A-397216638
Bulletin has no description...
PT-2025-43460
Name of the Vulnerable Software and Affected Versions versions prior to 2025 Description There is a potential bypass of user profile boundaries through improperly validated forwarded intents. This could allow for local privilege escalation without requiring additional execution privileges or user...
CVE-2023-21244
In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...