13 matches found
CVE-2026-5892
Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...
CVE-2021-47820
CVE-2021-47820 affects the Ubee EVW327 router. The vulnerability is a cross-site request forgery that enables remote access by a crafted page that auto-submits a form to change remote access settings to port 8080 without user consent. The provided documents do not specify affected firmware versio...
webkitgtk: A website may be able to access sensor information without user consent
A flaw was found in WebKitGTK. A malicious website can obtain access to sensor information without user consent due to improper handling of caches...
CVE-2025-54286
Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions = 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication...
CVE-2025-43356
The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A website may be able to access sensor information without user consent...
CVE-2022-20218
In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:...
CVE-2024-54463
This issue was addressed with improved entitlements. This issue is fixed in macOS Sequoia 15. An app may be able to access removable volumes without user consent...
Apple macOS Security Vulnerability
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS version 14.7.3 that originates from an application that may be able to access removable volumes without user consent...
Color Phone Security Vulnerability
Color Phone is a dialer with the ability to change themes. A security vulnerability exists in Color Phone version 2.1.8-2 and earlier, which originated from a vulnerability that allows remote attackers to initiate a phone call without the user's consent...
Doorkeeper Authorization Issue Vulnerability
Doorkeeper is an OAuth 2 authentication provider for Rails/Grape applications. An authorization issue vulnerability exists in Doorkeeper versions prior to 5.6.6, which stems from the automatic processing of authorization requests from previously approved public clients that do not require user...
CVE-2022-39075
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission...
Apple iOS Security Vulnerability
Apple iOS is a set of operating systems developed for mobile devices by the American company Apple. Apple iOS 15 and iPadOS 15 previously had a security vulnerability that stemmed from the fact that VPN configurations may have been installed by apps without the user's permission...
Mozilla: Compromised IPC child process can list local filenames
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox...