164 matches found
CVE-2025-21035
CVE-2025-21035 describes an improper access control in Samsung Calendar. The vulnerability affects Samsung Calendar versions prior to 12.5.06.5 on Android 14 and prior to 12.6.01.12 on Android 15, potentially allowing a physical attacker to access data across multiple user profiles. Root cause is...
CVE-2025-21035
Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles...
PT-2025-35691
Name of the Vulnerable Software and Affected Versions: Samsung Notes versions prior to 4.4.30.63 Description: Improper access control in Samsung Notes allows physical attackers to access data across multiple user profiles. User interaction is required to trigger this issue. Recommendations: Updat...
Infinite loop
Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Infinite loop
Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
FreeScout Cross-Site Scripting Vulnerability (CNVD-2025-20795)
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the lastname and firstname profile data. No...
CVE-2025-48875
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system's incorrect validation of lastname and firstname during profile data updates allows for the injection of arbitrary JavaScript code, which will be executed in a flesh-message when the data is deleted...
CVE-2025-48875
CVE-2025-48875 affects FreeScout prior to version 1.8.181, where incorrect validation of last_name and first_name during profile data updates enables injection of arbitrary JavaScript. The attacker could trigger XSS when the affected data is deleted (described as a flesh-message in some sources)....
FreeScout 跨站脚本漏洞
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the lastname and firstname profile data. No...
CVE-2023-23299
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...
CVE-2025-3810
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the editprofiledata functio...
WordPress plugin WPBookit 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
Samsung Notes 安全漏洞
Samsung Notes is an application from the South Korean company Samsung SAMSUNG. An access control error vulnerability exists in Samsung Notes that stems from improper access control and can be exploited by an attacker to access data in multiple user profiles...
CVE-2025-20898
Improper input validation in Samsung Members prior to version 5.2.00.12 allows physical attackers to access data across multiple user profiles...
CVE-2025-20883
Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles...
PT-2025-4165 · Unknown · Soundpicker
Name of the Vulnerable Software and Affected Versions: SoundPicker versions prior to SMR Jan-2025 Release 1 Description: The issue is related to improper access control, allowing physical attackers to access data across multiple user profiles. This could potentially lead to unauthorized data...
CVE-2024-49407
Improper access control in Samsung Flow prior to version 4.9.15.7 allows physical attackers to access data across multiple user profiles...
Chamilo LMS 安全漏洞
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.26, which stems...
PT-2024-23522 · Unknown · Chamilo Lms
Name of the Vulnerable Software and Affected Versions: Chamilo LMS version 1.11.26 Description: The issue is related to Incorrect Access Control, allowing non-admin users to manipulate sensitive profile information via the "main/auth/profile" endpoint. This poses a significant risk to data...
CVE-2023-7290
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the checkforverifiedprofiles function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...