Total
58 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-30225 | 1 Olivetin | 1 Olivetin | 2026-03-12 | N/A | 5.3 MEDIUM |
| OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new internal connect.Request without preserving the original caller’s authentication headers or cookies. When this synthetic request is passed to StartAction, the authentication resolver falls back to the guest user. If the guest account has broader permissions than the authenticated caller, this results in privilege escalation and unauthorized command execution. This vulnerability allows a low‑privileged authenticated user to bypass ACL restrictions and execute arbitrary configured shell actions. This issue has been patched in version 3000.11.1. | |||||
| CVE-2026-0107 | 1 Google | 1 Android | 2026-03-11 | N/A | 8.4 HIGH |
| In gmc_ddr_handle_mba_mr_req of gmc_mba_ddr.c, there is a possible escalation of privileges due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2026-0021 | 1 Google | 1 Android | 2026-03-06 | N/A | 8.4 HIGH |
| In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible cross-user permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2026-0013 | 1 Google | 1 Android | 2026-03-06 | N/A | 8.4 HIGH |
| In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48646 | 1 Google | 1 Android | 2026-03-06 | N/A | 7.8 HIGH |
| In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-48579 | 1 Google | 1 Android | 2026-03-06 | N/A | 8.4 HIGH |
| In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48545 | 1 Google | 1 Android | 2026-03-04 | N/A | 7.1 HIGH |
| In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2026-0008 | 1 Google | 1 Android | 2026-03-03 | N/A | 8.4 HIGH |
| In multiple locations, there is a possible privilege escalation due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2026-27624 | 1 Coturn Project | 1 Coturn | 2026-02-27 | N/A | 7.2 HIGH |
| Coturn is a free open source implementation of TURN and STUN Server. Coturn is commonly configured to block loopback and internal ranges using "denied-peer-ip" and/or default loopback restrictions. CVE-2020-26262 addressed bypasses involving "0.0.0.0", "[::1]" and "[::]", but IPv4-mapped IPv6 is not covered. When sending a "CreatePermission" or "ChannelBind" request with the "XOR-PEER-ADDRESS" value of "::ffff:127.0.0.1", a successful response is received, even though "127.0.0.0/8" is blocked via "denied-peer-ip". The root cause is that, prior to the updated fix implemented in version 4.9.0, three functions in "src/client/ns_turn_ioaddr.c" do not check "IN6_IS_ADDR_V4MAPPED". "ioa_addr_is_loopback()" checks "127.x.x.x" (AF_INET) and "::1" (AF_INET6), but not "::ffff:127.0.0.1." "ioa_addr_is_zero()" checks "0.0.0.0" and "::", but not "::ffff:0.0.0.0." "addr_less_eq()" used by "ioa_addr_in_range()" for "denied-peer-ip" matching: when the range is AF_INET and the peer is AF_INET6, the comparison returns 0 without extracting the embedded IPv4. Version 4.9.0 contains an updated fix to address the bypass of the fix for CVE-2020-26262. | |||||
| CVE-2025-64123 | 1 Nuvationenergy | 5 Nplatform, Nuvmsc3-04s-c, Nuvmsc3-08s-c and 2 more | 2026-02-26 | N/A | 9.8 CRITICAL |
| Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Network Boundary Bridging.This issue affects Multi-Stack Controller (MSC): through and including release 2.5.1. | |||||
| CVE-2026-24470 | 1 Zalando | 1 Skipper | 2026-02-18 | N/A | 8.1 HIGH |
| Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach internal services. Version 0.24.0 disables Kubernetes ExternalName by default. As a workaround, developers can allow list targets of an ExternalName and allow list via regular expressions. | |||||
| CVE-2023-31313 | 2026-02-13 | N/A | 7.2 HIGH | ||
| An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution. | |||||
| CVE-2025-66415 | 1 Fastify | 1 Reply-from | 2026-02-06 | N/A | 5.4 MEDIUM |
| fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0. | |||||
| CVE-2026-24471 | 2026-02-03 | N/A | N/A | ||
| continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room (rejecting an invite), joining a room or knocking on a room, the victim server may ask a remote server for assistance. If the victim asks the attacker server for assistance the attacker is able to provide an arbitrary event, which the victim will sign and return to the attacker. For the /leave endpoint, this works for any event with a supported room version, where the origin and origin_server_ts is set by the victim. For the /join endpoint, an additionally victim-set content field in the format of a join membership is needed. For the /knock endpoint, an additional victim-set content field in the format of a knock membership and a room version not between 1 and 6 is needed. This was exploited as a part of a larger chain against the continuwuity.org homeserver. This vulnerability affects all Conduit-derived servers. This vulnerability is fixed in Continuwuity 0.5.1, Conduit 0.10.11, Grapevine 0aae932b, and Tuwunel 1.4.9. | |||||
| CVE-2025-64125 | 2026-01-08 | N/A | N/A | ||
| A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This issue affected the nCloud VPN Service and was fixed on 2025-12-1 (December, 2025). End users do not have to take any action to mitigate the issue. | |||||
| CVE-2025-68944 | 1 Gitea | 1 Gitea | 2025-12-31 | N/A | 5.0 MEDIUM |
| Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries. | |||||
| CVE-2025-68667 | 2025-12-29 | N/A | N/A | ||
| Conduit is a chat server powered by Matrix. A vulnerability that affects a number of Conduit-derived homeservers allows a remote, unauthenticated attacker to force the target server to cryptographically sign arbitrary membership events. Affected products include Conduit prior to version 0.10.10, continuwuity prior to version 0.5.0, Grapevine prior to commit `9a50c244`, and tuwunel prior to version 1.4.8. The flaw exists because the server fails to validate the origin of a signing request, provided the event's state_key is a valid user ID belonging to the target server. Attackers can forge "leave" events for any user on the target server. This forcibly removes users (including admins and bots) from rooms. This allows denial of service and/or the removal of technical protections for a room (including policy servers, if all users on the policy server are removed). Attackers can forge "invite" events from a victim user to themselves, provided they have an account on a server where there is an account that has the power level to send invites. This allows the attacker to join private or invite-only rooms accessible by the victim, exposing confidential conversation history and room state. Attackers can forge "ban" events from a victim user to any user below the victim user's power level, provided the victim has the power level to issue bans AND the target of the ban resides on the same server as the victim. This allows the attacker to ban anyone in a room who is on the same server as the vulnerable one, however cannot exploit this to ban users on other servers or the victim themself. Conduit fixes the issue in version 0.10.10. continuwuity fixes the issue in commits `7fa4fa98` and `b2bead67`, released in 0.5.0. tuwunel fixes the issue in commit `dc9314de1f8a6e040c5aa331fe52efbe62e6a2c3`, released in 1.4.8. Grapevine fixes the issue in commit `9a50c2448abba6e2b7d79c64243bb438b351616c`. As a workaround, block access to the `PUT /_matrix/federation/v2/invite/{roomId}/{eventId}` endpoint using your reverse proxy. | |||||
| CVE-2025-11393 | 2025-12-16 | N/A | 8.7 HIGH | ||
| A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allows a standard user within the cluster to send unauthorized commands to the management platform, effectively acting with the full permissions of the cluster administrator. This could lead to unauthorized changes to the cluster's configuration or status on the Red Hat platform. | |||||
| CVE-2025-36889 | 1 Google | 1 Android | 2025-12-12 | N/A | 5.5 MEDIUM |
| In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22420 | 1 Google | 1 Android | 2025-12-10 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way to leak audio files across user profiles due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||