Lucene search
K

164 matches found

CVE
CVE
added 2025/09/03 6:5 a.m.18 views

CVE-2025-21035

CVE-2025-21035 describes an improper access control in Samsung Calendar. The vulnerability affects Samsung Calendar versions prior to 12.5.06.5 on Android 14 and prior to 12.6.01.12 on Android 15, potentially allowing a physical attacker to access data across multiple user profiles. Root cause is...

4.6CVSS5.9AI score0.00208EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/09/03 6:5 a.m.9 views

CVE-2025-21035

Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles...

4.6CVSS0.00208EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/03 12:0 a.m.6 views

PT-2025-35691

Name of the Vulnerable Software and Affected Versions: Samsung Notes versions prior to 4.4.30.63 Description: Improper access control in Samsung Notes allows physical attackers to access data across multiple user profiles. User interaction is required to trigger this issue. Recommendations: Updat...

4.3CVSS6AI score0.00136EPSS
Exploits0References7
Snyk
Snyk
added 2025/07/23 8:3 p.m.8 views

Infinite loop

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.7CVSS6.9AI score0.00707EPSS
Exploits1References2
Snyk
Snyk
added 2025/07/23 8:3 p.m.4 views

Infinite loop

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS6.6AI score0.00707EPSS
Exploits1References2
CNVD
CNVD
added 2025/06/06 12:0 a.m.4 views

FreeScout Cross-Site Scripting Vulnerability (CNVD-2025-20795)

FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the lastname and firstname profile data. No...

5.4CVSS6.3AI score0.00214EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/01 6:35 a.m.9 views

CVE-2025-48875

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system's incorrect validation of lastname and firstname during profile data updates allows for the injection of arbitrary JavaScript code, which will be executed in a flesh-message when the data is deleted...

5.4CVSS6.3AI score0.00214EPSS
Exploits1References1
CVE
CVE
added 2025/05/30 6:26 a.m.50 views

CVE-2025-48875

CVE-2025-48875 affects FreeScout prior to version 1.8.181, where incorrect validation of last_name and first_name during profile data updates enables injection of arbitrary JavaScript. The attacker could trigger XSS when the affected data is deleted (described as a flesh-message in some sources)....

5.4CVSS6AI score0.00214EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/05/30 12:0 a.m.4 views

FreeScout 跨站脚本漏洞

FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the lastname and firstname profile data. No...

5.4CVSS6.2AI score0.00214EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 2:36 a.m.5 views

CVE-2023-23299

The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...

7.5CVSS6.6AI score0.00804EPSS
Exploits1References1
OSV
OSV
added 2025/05/09 3:15 a.m.3 views

CVE-2025-3810

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the editprofiledata functio...

9.8CVSS7.4AI score0.00634EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/09 12:0 a.m.5 views

WordPress plugin WPBookit 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.8CVSS8.6AI score0.00634EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/03/06 12:0 a.m.5 views

Samsung Notes 安全漏洞

Samsung Notes is an application from the South Korean company Samsung SAMSUNG. An access control error vulnerability exists in Samsung Notes that stems from improper access control and can be exploited by an attacker to access data in multiple user profiles...

4.6CVSS6.8AI score0.00193EPSS
Exploits0References2
OSV
OSV
added 2025/02/04 8:15 a.m.5 views

CVE-2025-20898

Improper input validation in Samsung Members prior to version 5.2.00.12 allows physical attackers to access data across multiple user profiles...

4.6CVSS5.8AI score0.00212EPSS
Exploits0References1
OSV
OSV
added 2025/02/04 8:15 a.m.3 views

CVE-2025-20883

Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles...

4.6CVSS5.8AI score0.00216EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/04 12:0 a.m.6 views

PT-2025-4165 · Unknown · Soundpicker

Name of the Vulnerable Software and Affected Versions: SoundPicker versions prior to SMR Jan-2025 Release 1 Description: The issue is related to improper access control, allowing physical attackers to access data across multiple user profiles. This could potentially lead to unauthorized data...

4.6CVSS6.8AI score0.00216EPSS
Exploits0References5
OSV
OSV
added 2024/11/06 3:15 a.m.3 views

CVE-2024-49407

Improper access control in Samsung Flow prior to version 4.9.15.7 allows physical attackers to access data across multiple user profiles...

4.6CVSS5.8AI score0.00205EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/04 12:0 a.m.3 views

Chamilo LMS 安全漏洞

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.26, which stems...

8.8CVSS6.5AI score0.0058EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/11/04 12:0 a.m.4 views

PT-2024-23522 · Unknown · Chamilo Lms

Name of the Vulnerable Software and Affected Versions: Chamilo LMS version 1.11.26 Description: The issue is related to Incorrect Access Control, allowing non-admin users to manipulate sensitive profile information via the "main/auth/profile" endpoint. This poses a significant risk to data...

8.8CVSS6.6AI score0.0058EPSS
Exploits1References9
OSV
OSV
added 2024/10/16 7:15 a.m.4 views

CVE-2023-7290

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the checkforverifiedprofiles function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

4.3CVSS5.8AI score0.00242EPSS
Exploits0References2
Rows per page
Query Builder