2242 matches found
CVE-2025-53724
Access of resource using incompatible type 'type confusion' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2025-53726
Access of resource using incompatible type 'type confusion' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2025-54864
Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...
CVE-2025-50861
The CVE-2025-50861 entry affects the Lotus Cars Android App (com.lotus.carsdomestic.intl) version 1.2.8, where the exported component PushDeepLinkActivity is accessible without authentication via ADB or malicious apps. This could allow unintended access to application internals and may lead to de...
CVE-2025-55196 External Secrets Operator Missing Namespace Restriction in PushSecret and SecretStore List() Calls Allows Unauthorized Secret Access
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a...
CVE-2025-55196 External Secrets Operator Missing Namespace Restriction in PushSecret and SecretStore List() Calls Allows Unauthorized Secret Access
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a...
Malicious File Parsing
@finos/git-proxy is vulnerable to malicious file parsing. The vulnerability is due to improper PACK signature detection in parsePush.ts, which allows an attacker to embed misleading signatures in commit content and craft packet structures to bypass approval or hide commits...
PT-2025-33101 · External Secrets · External Secrets Operator
Name of the Vulnerable Software and Affected Versions: External Secrets Operator versions 0.15.0 through 0.19.1 Description: A flaw was discovered in the External Secrets Operator where List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply...
CVE-2025-53726
Access of resource using incompatible type 'type confusion' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2025-53726
Access of resource using incompatible type 'type confusion' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2025-53725
Access of resource using incompatible type 'type confusion' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2025-53724
Access of resource using incompatible type 'type confusion' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2025-53725
Access of resource using incompatible type 'type confusion' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2025-53724
Access of resource using incompatible type 'type confusion' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2025-50155
Access of resource using incompatible type 'type confusion' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2025-50155
Access of resource using incompatible type 'type confusion' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2025-50155 Windows Push Notifications Apps Elevation of Privilege Vulnerability
...
CVE-2025-50155 Windows Push Notifications Apps Elevation of Privilege Vulnerability
...
CVE-2025-50155
CVE-2025-50155 corresponds to a local privilege-escalation vulnerability in Windows Push Notifications. Affected component: Windows Push Notifications service. Root cause: access of a resource using an incompatible type (type confusion). Impact: authorized attacker on the same device can escalate...
CVE-2025-53726
CVE-2025-53726 affects Windows Push Notifications and is described as an in-resource access using an incompatible type ('type confusion') that allows an authenticated local attacker to elevate privileges. The CVSS v3.1 base score is 7.8 (HIGH) with LOCAL attack vector, LOW attack complexity, and ...