18 matches found
EUVD-2026-34209
The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions...
CVE-2026-49190
The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions...
CVE-2026-49190 Missing Per-Instruction Authorization Checks
The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions...
CVE-2026-49190
Technical details (affected products, vulnerable component, root cause, exploit information) are not provided in the initial document or connected sources. Monitor for updates from official advisories.
CVE-2026-49190
The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions...
PT-2026-46148
The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions...
WordPress plugin YayMail - WooCommerce Email Customizer security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2007-1006
Malware in sbrugna...
CVE-2024-4839
A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic search Service (under construction), XTTS service, Petals service, vLLM service, and Motion Ctrl service,...
CVE-2022-28776
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions...
CVE-2021-26038
Joomla! 2.5.0 through 3.9.27 is affected by CVE-2021-26038 due to an install action in com_installer lacking hardcoded ACL checks for superusers, enabling privilege escalation. The default ACL for com_installer is limited to super users, so the default system is not affected. A patch is available...
CVE-2019-15440
The CVE-2019-15440 entry concerns Samsung Galaxy J5 devices (build samsung/on5xeltedx/on5xelte:8.0.0...) where a pre-installed app, com.samsung.android.themecenter (versionCode 6010000, versionName 6.1.0.0), exposes a component that allows other pre-installed apps to install apps. The exploit pat...
CVE-2016-1587
The Snapweb interface before version 0.21.2 was exposing controls to install or remove snap packages without controlling the identity of the user, nor the origin of the connection. An attacker could have used the controls to remotely add a valid, but malicious, snap package, from the Store,...
Slack: CSRF in github integration
There is a CSRF in the github integration in the case of "Only pre-approved apps can be installed by team members". Github is not one of those pre-approved applications. So a normal user cannot install it. Now let's assume the channel administrator is adding this integration to one...
CVE-2016-1640
The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the...
CVE-2016-1640
Removed by vendor...
CVE-2007-1009
Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iapxml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number...
Authorization
Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iapxml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number...