Weaknesses of type CWE-863
2,111 resultsCVE-2023-40117HIGHIn resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to localEPSS 0.1%CVE-2025-32408LOWIn Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled.EPSS 0.1%CVE-2026-32918CRITICALOpenClaw < 2026.3.11 - Session Sandbox Escape via session_status ToolEPSS 0.1%CVE-2023-21390HIGHIn Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of pEPSS 0.1%CVE-2026-49983MEDIUMDeno: process.loadEnvFile() bypasses env permission checks and mutates process.env with only read accessEPSS 0.1%CVE-2023-21256—In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. ThisEPSS 0.1%CVE-2025-49599MEDIUMHuawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices through V5R019C00S100, and EG8145V5-V2 devices through V5R021C00S184 allow tEPSS 0.1%CVE-2026-32919MEDIUMOpenClaw < 2026.3.11 - Unauthorized Session Reset via agent Slash CommandsEPSS 0.1%CVE-2026-26949MEDIUMDell Device Management Agent (DDMA), versions prior to 26.02, contain an Incorrect Authorization vulnerability. A low privileged attacker wiEPSS 0.1%CVE-2026-53809MEDIUMOpenClaw < 2026.4.25 - Provider Alias Confusion in Embedded Runner PolicyEPSS 0.1%CVE-2023-20975HIGHIn getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due toEPSS 0.1%CVE-2026-28716MEDIUMInformation disclosure and manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 EPSS 0.1%CVE-2023-21116MEDIUMIn verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due EPSS 0.1%CVE-2023-21254—In getCurrentState of OneTimePermissionUserManager.java, there is a possible way to hold one-time permissions after the app is being killed EPSS 0.1%CVE-2023-20800—In imgsys, there is a possible system crash due to a mssing ptr check. This could lead to local escalation of privilege with System executioEPSS 0.1%CVE-2025-66433MEDIUMHTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. EPSS 0.1%CVE-2023-21245HIGHIn showNextSecurityScreenOrFinish of KeyguardSecurityContainerController.java, there is a possible way to access the lock screen during deviEPSS 0.1%CVE-2025-32333HIGHIn startSpaActivityForApp of SpaActivity.kt, there is a possible cross-user permission bypass due to a logic error in the code. This could lEPSS 0.1%CVE-2025-48523HIGHIn onCreate of SelectAccountActivity.java, there is a possible way to add contacts without permission due to a logic error in the code. ThisEPSS 0.1%CVE-2022-33718MEDIUMAn improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the liEPSS 0.1%