CWE-441: CWE-441

A misconfigured proxy in runtimes-inventory-rhel8-operator attaches cluster administrative credentials to all commands instead of only authorized repo...

HCL Nomad server on Domino has an open proxy vulnerability allowing unauthenticated attackers to mask their source IP address. This enables attackers ...

This vulnerability in Contour Kubernetes ingress controller allows attackers to access Envoy's admin interface via specially crafted ExternalName Serv...

This vulnerability allows a malicious app to access images from other user profiles on the same Android device without proper authorization. It affect...

This vulnerability allows malicious apps to access contacts from the work profile on Android devices through a confused deputy attack in the telephony...

This vulnerability allows a third-party Android app to modify secure system settings without user interaction, enabling local privilege escalation. It...

This vulnerability allows malicious apps to access sensitive information from other user profiles on Android devices through a confused deputy attack ...

This CVE describes a confused deputy vulnerability in Android that allows unauthorized access to audio files across user profiles. An attacker could l...

This vulnerability allows a malicious app to access work profile contact numbers from the voicemail settings component without proper permission check...

This vulnerability in Android's Settings app allows a malicious app to bypass intent security checks through a confused deputy attack, enabling local ...

This vulnerability in Android's ManagedProvisioning component allows a malicious app to access another user's data through a confused deputy attack, l...

This CVE describes a confused deputy vulnerability in Android's Settings app that allows bypassing intent type checks. Attackers can exploit this to e...

This vulnerability allows a malicious app to launch arbitrary activities on Android devices without user interaction, potentially leading to local pri...

This vulnerability in Android's MediaSessionRecord allows a malicious app to send a pending intent on behalf of the system_server process, enabling lo...

This vulnerability allows an attacker to bypass the WRITE_EXTERNAL_STORAGE permission in Android's MediaProvider component, enabling unauthorized writ...

This vulnerability allows a malicious Android app to bypass user ID checks and access privileged system APIs, potentially gaining elevated privileges ...

This vulnerability allows local attackers to bypass camera permissions on affected Android devices, potentially accessing camera data without user con...

This CVE describes an information disclosure vulnerability in Android's App Widget component where a malicious app could trick the system into reveali...

This CVE describes a confused deputy vulnerability in Android's Wear OS where a malicious app can monitor motion events without user interaction. This...

This vulnerability allows a malicious app to access voicemail notification settings from other user profiles on the same Android device without requir...

CVE-2025-66415 is an authorization bypass vulnerability in fastify-reply-from, a Fastify plugin for HTTP request forwarding. Attackers can craft malic...

Gitea versions before 1.22.2 have a token scope propagation flaw in package registries that could allow authenticated users to access resources beyond...

This Android vulnerability allows malicious apps to leak images across user isolation boundaries via a confused deputy attack. It requires user intera...

This vulnerability in Matrix homeserver software allows a malicious remote server to trick a vulnerable server into signing arbitrary events during us...

A vulnerability in Nuvation Energy nCloud VPN Service allowed network boundary bridging, potentially enabling unauthorized network access. This affect...