CWE-281

Total CVEs: 89
Critical: 14
High: 53
Avg CVSS: 7.6

Yearly Trend

2026: 1
2025: 35
2024: 26
2023: 13
2022: 5

Top Affected Vendors

1. Apple: 14
2. Google: 6
3. Mozilla: 4
4. Silabs: 3
5. Fedoraproject: 3
6. Redhat: 3
7. Openatom: 3
8. Debian: 2
9. Zucchetti: 2
10. Ibm: 2

All CWE-281 CVEs (89)

CVE-2024-53934 | 7.7 | Jan 6, 2025
This vulnerability allows any Android application without permissions to place phone calls without user interaction by sending a crafted intent to the...

CVE-2021-21379 | 7.7 | Mar 12, 2021
This CVE allows privilege escalation in XWiki Platform where the {{wikimacrocontent}} executes content with wiki macro author rights instead of caller...

CVE-2024-12125 | 7.5 | Nov 6, 2025
This vulnerability in the 3scale Developer Portal allows attackers to modify read-only or hidden fields when creating or updating accounts. This could...

CVE-2025-43697 | 7.5 | Jun 10, 2025
A vulnerability in Salesforce OmniStudio DataMapper allows unauthorized access to encrypted data due to improper permission preservation. This affects...

CVE-2025-43700 | 7.5 | Jun 10, 2025
A permissions preservation vulnerability in Salesforce OmniStudio FlexCards allows unauthorized access to encrypted data. This affects Salesforce cust...

CVE-2024-54557 | 7.5 | Jan 27, 2025
This CVE describes a logic flaw in macOS that allows attackers to bypass file system protections and access restricted areas. It affects macOS Ventura...

CVE-2024-37575 | 7.5 | Dec 4, 2024
This vulnerability in the Should I Answer? Android app allows any installed application without permissions to place phone calls without user interact...

CVE-2024-10458 | 7.5 | Oct 29, 2024
This vulnerability allows a malicious website to bypass same-origin policy restrictions via embedded content, potentially accessing sensitive data fro...

CVE-2024-40770 | 7.5 | Sep 17, 2024
This CVE describes a privilege escalation vulnerability in macOS where a non-privileged user can modify restricted network settings. This affects macO...

CVE-2024-27795 | 7.5 | Sep 17, 2024
This macOS vulnerability allows camera extensions to bypass intended restrictions and access the internet without proper authorization. It affects mac...

CVE-2021-3523 | 7.5 | Apr 27, 2022
CVE-2021-3523 is a connection reuse vulnerability in 3Scale APICast that allows attackers to bypass API security restrictions when multiple APIs are h...

CVE-2021-37006 | 7.5 | Nov 23, 2021
This CVE describes an Improper Preservation of Permissions vulnerability in Huawei smartphones running HarmonyOS. It allows unauthorized access to sen...

CVE-2021-30482 | 7.5 | May 11, 2021
This vulnerability in JetBrains UpSource allows application passwords to remain valid after they should have been revoked, potentially enabling unauth...

CVE-2024-23464 | 7.2 | Aug 6, 2024
This vulnerability allows administrators with PowerShell access to disable Zscaler Internet Access (ZIA) protection on Windows systems. It affects org...

CVE-2024-40821 | 7.1 | Jul 29, 2024
This CVE describes a sandbox escape vulnerability in macOS where third-party app extensions may not receive proper sandbox restrictions. This could al...

CVE-2023-31926 | 7.1 | Aug 2, 2023
This vulnerability in Brocade Fabric OS allows local users to overwrite system files using the 'less' command. It affects Brocade SAN switches running...

CVE-2023-39902 | 7.0 | Oct 17, 2023
This vulnerability allows attackers to craft malicious Flattened Image Tree (FIT) structures that overwrite memory in U-Boot's Secondary Program Loade...

CVE-2024-56178 | 6.5 | Jan 27, 2025
This vulnerability allows users with the security_admin_local role in Couchbase Server to create new users with admin privileges, bypassing intended r...

CVE-2024-50921 | 6.5 | Dec 10, 2024
Insecure permissions in Silicon Labs Z-Wave Series 700 and 800 controllers allow attackers to cause denial of service by repeatedly sending crafted pa...

CVE-2024-50928 | 6.5 | Dec 10, 2024
This vulnerability allows attackers to manipulate wakeup intervals of Z-Wave end devices in controller memory, potentially disrupting communication be...

CVE-2024-4768 | 6.1 | May 14, 2024
This vulnerability in Firefox, Firefox ESR, and Thunderbird allows attackers to trick users into granting WebAuthn permissions via manipulated popup n...

CVE-2024-52869 | 6.0 | Jan 8, 2025
This CVE describes a privilege escalation vulnerability in Teradata Database systems during OS migration from SLES 12 SP2/3 to SLES 15 SP2. User accou...

CVE-2024-43784 | 5.7 | Nov 26, 2024
This vulnerability in lakeFS allows privilege inheritance when reusing usernames. When a deleted user's username is reused for a new account, the new ...

CVE-2025-26691 | 5.5 | Jun 8, 2025
This vulnerability in OpenHarmony allows a local attacker to bypass permission checks and access sensitive information they shouldn't have access to. ...

CVE-2025-27247 | 5.5 | Jun 8, 2025
This vulnerability in OpenHarmony allows a local attacker to bypass permission checks and access sensitive information they shouldn't have access to. ...

CVE-2025-24087 | 5.5 | Jan 27, 2025
This CVE describes a macOS vulnerability where applications could bypass permission checks to access protected user data. It affects macOS systems bef...

CVE-2024-44188 | 5.5 | Sep 17, 2024
This CVE describes a permissions vulnerability in macOS that allows applications to bypass intended restrictions and access protected user data. It af...

CVE-2024-40859 | 5.5 | Sep 17, 2024
This macOS vulnerability allows applications to bypass intended permission restrictions and access sensitive user data. It affects macOS systems befor...

CVE-2024-40831 | 5.5 | Sep 17, 2024
This CVE describes a permissions vulnerability in macOS that allows unauthorized applications to access a user's Photos Library. The issue affects mac...

CVE-2025-21541 | 5.4 | Jan 21, 2025
This vulnerability in Oracle Workflow (part of Oracle E-Business Suite) allows authenticated attackers with low privileges to modify or delete some da...

CVE-2024-57439 | 4.9 | Jan 29, 2025
This vulnerability in RuoYi v4.8.0 allows administrators to cause a Denial of Service (DoS) by duplicating login names during password resets. The att...

CVE-2024-39902 | 4.8 | Jul 22, 2024
This vulnerability in Tuleap's document manager allows users to retain edit or manage permissions on sub-items when permissions are being restricted v...

CVE-2025-26420 | 4.4 | Sep 4, 2025
This vulnerability in Android's permission management system allows attackers to trick users into granting incorrect permissions through permission ov...

CVE-2025-24791 | 4.4 | Jan 29, 2025
The snowflake-connector-nodejs driver has a vulnerability where file permission checks for temporary credential cache can be bypassed. An attacker wit...

CVE-2023-32199 | 4.3 | Oct 29, 2025
CVE-2023-32199 is an improper preservation of permissions vulnerability in Rancher Manager where users retain cluster access after their custom Global...

CVE-2024-22114 | 4.3 | Aug 12, 2024
This CVE describes an information disclosure vulnerability in Zabbix where unauthenticated users can access host statistics through the System Informa...

CVE-2024-33921 | 4.3 | May 3, 2024
This CVE describes a broken access control vulnerability in the WordPress ReviewX plugin. It allows unauthorized users to perform actions they shouldn...

CVE-2024-36062 | 4.0 | Nov 7, 2024
This vulnerability allows any Android application installed on the same device to place phone calls without user interaction by sending a crafted inte...

CVE-2025-9615 | 3.3 | Jan 26, 2026
This CVE describes an improper preservation of permissions vulnerability in NetworkManager where the daemon running with root privileges can access fi...

About CWE-281

Our database tracks 89 CVEs classified as CWE-281, with 14 rated critical and 53 rated high severity. The average CVSS score for CWE-281 vulnerabilities is 7.6.
