Lucene search
K

15 matches found

Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.20 views

PT-2026-51386

Name of the Vulnerable Software and Affected Versions mise versions prior to 2026.3.10 Description mise processes .tool-versions files using the Tera template engine, which includes a registered exec function that allows for arbitrary command execution. In the default non-paranoid mode,...

9.6CVSS6AI score0.00685EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/19 12:31 a.m.12 views

EUVD-2026-37958

PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent executecommand calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate API keys and...

6.8CVSS5.3AI score0.00116EPSS
Exploits0References3
NVD
NVD
added 2026/06/18 11:16 p.m.14 views

CVE-2026-56074

PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent executecommand calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate API keys and...

6.8CVSS0.00116EPSS
Exploits0References2
OSV
OSV
added 2025/08/11 1:15 p.m.4 views

CVE-2025-8672

MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application...

7.8CVSS7.2AI score
Exploits0References4
CNNVD
CNNVD
added 2024/09/17 12:0 a.m.0 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A security bypass vulnerability exists in several Mozilla products, whic...

7.5CVSS6.7AI score0.00426EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/05/07 12:0 a.m.6 views

PT-2024-20024 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to multiple functions in NotificationManagerService.java, where a clipboard message access may not trigger a toast message. This could lead to local escalation of...

9.8CVSS6.8AI score0.00343EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2023/06/14 7:56 a.m.5 views

Mozilla: Click-jacking certificate exceptions through rendering lag

The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user...

3.1CVSS7.2AI score0.00897EPSS
Exploits0References6
OSV
OSV
added 2022/12/22 8:15 p.m.4 views

DEBIAN-CVE-2022-22754

If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...

6.5CVSS6.5AI score0.00644EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/05/04 12:11 p.m.3 views

Mozilla: Bypassing permission prompt in nested browsing contexts

The Mozilla Foundation Security Advisory describes this flaw as: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...

8.8CVSS7.3AI score0.00848EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/02/15 10:37 a.m.4 views

Mozilla: Extensions could have bypassed permission confirmation during update

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: If a user installed a particular type of extension, the extension could have auto-updated itself, and while doing so may have bypassed the prompt which grants the new version the new requested permission...

6.5CVSS7.3AI score0.00644EPSS
Exploits0References4
OSV
OSV
added 2022/02/09 12:0 a.m.5 views

UBUNTU-CVE-2022-22754

If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...

6.5CVSS6.8AI score0.00644EPSS
Exploits0References6
OSV
OSV
added 2020/07/02 1:39 p.m.5 views

USN-4408-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass permission prompts, or execute arbitrary code. CVE-2020-12415,...

9.3CVSS7.1AI score0.03034EPSS
Exploits4References12
Microsoft KB
Microsoft KB
added 2020/01/07 12:0 a.m.7 views

January 7, 2020, update for Office 2016 (KB4464586)

None None...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2019/06/03 3:57 p.m.3 views

macOS 0-Day Flaw Lets Hackers Bypass Security Features With Synthetic Clicks

A security researcher who last year bypassed Apple's then-newly introduced macOS privacy feature has once again found a new way to bypass security warnings by performing 'Synthetic Clicks' on behalf of users without requiring their interaction. Last June, Apple introduced a core security feature ...

6.7AI score
Exploits0
OSV
OSV
added 2018/06/11 9:29 p.m.3 views

CVE-2018-5105

WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox 58...

7.8CVSS7.3AI score0.00423EPSS
Exploits0References5
Rows per page
Query Builder