54 matches found
EUVD-2026-23903
OpenMage LTS: Cross-user wishlist import leads to private option & file disclosure...
Apple Live Caller ID Privacy Concerns
Apple's oblivious HTTP relay for Live Caller ID Lookup iOS 18+ routes traffic through 14 third-party endpoints across six countries. These include an anonymous Delaware LLC sharing data with OpenAI, a Russian endpoint Yandex, and a Swiss GmbH whose privacy policy names "The Legal Entity to be...
CVE-2021-27583
In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2025-48600
In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48600
In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from the American company Google. Google Android suffers from a security vulnerability that stems from a lack of permission checking, which could lead to cross-user information disclosure...
EUVD-2017-7286
Malware in sbrugna...
EUVD-2021-17089
Malware in sbrugna...
EUVD-2024-54955
Malicious code in bioql PyPI...
EUVD-2025-25856
Malicious code in bioql PyPI...
CVE-2024-49728
In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-49728
In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-49728
In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-0082
In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2025-22392
Out-of-bounds read in firmware for some IntelR AMT and IntelR Standard Manageability may allow a privileged user to potentially enable information disclosure via network access...
PT-2025-43484
Name of the Vulnerable Software and Affected Versions versions prior to 2025-48600 Description A missing permission check in multiple files may allow information disclosure across users. Exploitation does not require additional execution privileges or user interaction. This could lead to local...
CVE-2023-21321
In Package Manager, there is a possible cross-user settings disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2021-30153
An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. It shouldn't because the...
PT-2025-11051
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The generateFileInfo function within BluetoothOppSendFileInfo.java may allow for cross-user media disclosure due to a confused deputy issue. This could result in local information disclosur...
Gitlab -- vulnerabilities
Gitlab reports: Run pipelines on arbitrary branches An attacker can impersonate arbitrary user SSRF in Analytics Dashboard Viewing diffs of MR with conflicts can be slow HTMLi in OAuth page Deploy Keys can push changes to an archived repository Guests can disclose project templates GitLab instanc...