Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128.
GHSA-F696-867G-2759 Jenkins OpenTelemetry Plugin missing permission check allows capturing credentials
A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2025-58460
A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
ASB-A-325912429
In multiple locations, there is a possible way to record audio via a background app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-13985
A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capturehandle.action interface. The flaw stems from improper input validation in the captureCommand parameter, which is processed without...
Linux Distros Unpatched Vulnerability : CVE-2025-5601
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file CVE-2025-5601 Note...
Linux Distros Unpatched Vulnerability : CVE-2023-2855
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file CVE-2023-2855 Note that Nessus relies...
Linux Distros Unpatched Vulnerability : CVE-2023-3648
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file CVE-2023-3648 Note...
MAL-2025-41654 Malicious code in ctf-q21-empire-tmp-test123 (PyPI)
Malicious code in ctf-q21-empire-tmp-bw134349 (PyPI)
Malicious code in ctf-q21-empire-tmp-bw134348 (PyPI)
CVE-2024-13985 Dahua EIMS capture_handle.action RCE
A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capturehandle.action interface. The flaw stems from improper input validation in the captureCommand parameter, which is processed without...
CVE-2024-13985
CVE-2024-13985 – Dahua EIMS : A command injection flaw affects Dahua EIMS versions prior to 2240008. The issue stems from improper input validation of the captureCommand parameter in the capture_handle.action API, allowing unauthenticated remote attackers to inject OS commands and potentially ful...
CVE-2025-20317
A vulnerability in the Virtual Keyboard Video Monitor vKVM connection handling of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to redirect a user to a malicious website. This vulnerability is due to insufficient verification of vKVM endpoints. An...
CVE-2025-20317 Cisco UCS Virtual Keyboard Video Monitor (vKVM) Open Redirect Vulnerability
A vulnerability in the Virtual Keyboard Video Monitor vKVM connection handling of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to redirect a user to a malicious website. This vulnerability is due to insufficient verification of vKVM endpoints. An...
Cisco Integrated Management Controller Virtual Keyboard Video Monitor Open Redirect Vulnerability
A vulnerability in the Virtual Keyboard Video Monitor vKVM connection handling of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to redirect a user to a malicious website. This vulnerability is due to insufficient verification of vKVM endpoints. An...
PT-2025-34942 · Dahua · Dahua Eims
Name of the Vulnerable Software and Affected Versions: Dahua EIMS versions prior to 2240008 Description: A command injection flaw in Dahua EIMS allows unauthenticated remote attackers to execute arbitrary system commands. This is due to improper input validation in the captureCommand parameter of...