webkitgtk: A website may be able to access sensor information without user consent
A flaw was found in WebKitGTK. A malicious website can obtain access to sensor information without user consent due to improper handling of caches...
EUVD-2018-16891
Malware in sbrugna...
EUVD-2025-8854
Malicious code in bioql PyPI...
CVE-2025-20701
In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-49732
In multiple functions of CompanionDeviceManagerService.java, there is a possible way to grant permissions without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-42468
The com.cutestudio.colordialer application through 2.1.8-2 for Android allows a remote attacker to initiate phone calls without user consent, because of improper export of the com.cutestudio.dialer.activities.DialerActivity component. A third-party application without any permissions can craft an...
CVE-2023-34246
Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation, their identity cannot...
CVE-2021-39768
In Settings, there is a possible way to add an auto-connect WiFi network without the user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:...
PT-2025-14005 · Apple · Safari +4
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 18.4 iOS versions prior to 18.4 iPadOS versions prior to 18.4 macOS Sequoia versions prior to 15.4 Description: The issue allows a website to access sensor information without user consent. This can be achieved by...
CVE-2024-54463
This issue was addressed with improved entitlements. This issue is fixed in macOS Sequoia 15. An app may be able to access removable volumes without user consent...
CVE-2024-54463
CVE-2024-54463 affects macOS Sequoia 15, where an app could access removable volumes without user consent due to entitlements checks. Apple fixed the issue in Sequoia 15 by improving entitlements handling. Practical impact per sources: potential leakage of data from removable volumes if an app la...