21 matches found
EUVD-2026-26131
OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that widens identity-bearing operator.read requests into runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway au...
Node.js 25.x Permission Model Sandbox Bypass / Path Traversal
This Metasploit module validates a sandbox escape weakness in the Node.js permission model that allows restricted file access bypass through symlink-based path traversal. When Node.js is executed with the --permission flag and limited filesystem read/write paths, the permission checks rely on...
EUVD-2018-13599
Malware in sbrugna...
EUVD-2020-7565
Malware in sbrugna...
Unity Linux 20.1070e Security Update: flatpak (UTSA-2025-680646)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680646 advisory. Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions...
CVE-2025-41664
A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services, e.g., FTP/SFTP. This access could allow the attacker to escalate privileges and modify firmware...
CVE-2018-21081
An issue was discovered on Samsung mobile devices with N7.x software. In Dual Messenger, the second app can use the runtime permissions of the first app without a user's consent. The Samsung ID is SVE-2017-11018 March 2018...
CVE-2023-40040
An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack...
PT-2023-27231 · Google · Android
Name of the Vulnerable Software and Affected Versions: MyCrops HiGrade "THC Testing & Cannabi" application version 1.0.337 Description: An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application for Android, where a remote attacker can start the camera feed via the...
Podman privilege elevation vulnerability
Podman is an engine for developing, managing, and running OCI containers on Linux systems. Podman suffers from a privilege elevation vulnerability, which stems from improperly managed runtime permissions and can be exploited by attackers to elevate the privileges of the system...
Podman Permissions, Privileges, and Access Control Vulnerability
Podman is an engine for developing, managing, and running OCI containers on Linux systems. Podman suffers from a privilege elevation vulnerability, which stems from improperly managed runtime permissions and can be exploited by attackers to elevate the privileges of the system...
DEBIAN-CVE-2021-43860
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there's a...
Flatpak Security Vulnerability
Flatpak is an application virtualization system for Linux desktop application computing environments. A security vulnerability exists in Flatpak that stems from the fact that Flatpak does not properly verify that the application permissions displayed to the user at installation time match the...
CVE-2020-15578
An issue was discovered on Samsung mobile devices with O8.x software. FactoryCamera does not properly restrict runtime permissions. The Samsung ID is SVE-2020-17270 July 2020...
Design/Logic Flaw
An issue was discovered on Samsung mobile devices with O8.x software. FactoryCamera does not properly restrict runtime permissions. The Samsung ID is SVE-2020-17270 July 2020...
CVE-2020-15578
The CVE-2020-15578 entry concerns Samsung mobile devices running O(8.x) software where the FactoryCamera component does not properly restrict runtime permissions. Affected software is described as Samsung devices with that Android/OS lineage; the root cause is the improper permission restriction ...
CVE-2018-21081
An issue was discovered on Samsung mobile devices with N7.x software. In Dual Messenger, the second app can use the runtime permissions of the first app without a user's consent. The Samsung ID is SVE-2017-11018 March 2018...
CVE-2018-21081
An issue was discovered on Samsung mobile devices with N7.x software. In Dual Messenger, the second app can use the runtime permissions of the first app without a user's consent. The Samsung ID is SVE-2017-11018 March 2018...
Code injection
An issue was discovered on Samsung mobile devices with N7.x software. In Dual Messenger, the second app can use the runtime permissions of the first app without a user's consent. The Samsung ID is SVE-2017-11018 March 2018...
CVE-2018-21081
An issue was discovered on Samsung mobile devices with N7.x software. In Dual Messenger, the second app can use the runtime permissions of the first app without a user's consent. The Samsung ID is SVE-2017-11018 March 2018...