Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information.
An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation.
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions.
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions.
Improper permission control in the mobile application (com.android.server.telecom) may lead to user information security risks.
In sprd ssense service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information.
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attackers uses
Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network.
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untr
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context
Permission control vulnerability in the app management and control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data.
Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file writes when an authenticated user on the web server manipula
In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional e
Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability.
Page 1+ Next →