
5098 matches found

CNNVD
added 2025/08/06 12:0 a.m. · 2 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated (USA). A security vulnerability exists in Qualcomm Chipsets: recording eSE debug messages when capturing logs could lead to information disclosure...

5.5 CVSS · 6.3 AI score · 0.00079 EPSS
Exploits: 0 · References: 2

NVD
added 2025/08/05 1:15 a.m. · 7 views

CVE-2025-54871

Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling ELECTRON_RUN_AS_NODE. This environment variable allows arbitrary Node.js code to be...

7.8 CVSS · 0.00205 EPSS
Exploits: 1 · References: 3

Cvelist
added 2025/08/05 12:3 a.m. · 7 views

CVE-2025-54871 Electron Capture is Vulnerable to TCC Bypass via Misconfigured Node Fuses (macOS)

Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling ELECTRON_RUN_AS_NODE. This environment variable allows arbitrary Node.js code to be...

5.5 CVSS · 0.00205 EPSS
Exploits: 1 · References: 3

CVE
added 2025/08/05 12:3 a.m. · 16 views

CVE-2025-54871

CVE-2025-54871 affects Electron Capture (elecap) on macOS. Versions 2.19.1 and earlier expose a TCC bypass: enabling the ELECTRON_RUN_AS_NODE environment variable allows arbitrary Node.js code to run via the -e flag inside the main Electron context, inheriting existing TCC entitlements (e.g., acc...

7.8 CVSS · 6.4 AI score · 0.00205 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Vulnrichment
added 2025/08/05 12:3 a.m. · 2 views

CVE-2025-54871 Electron Capture is Vulnerable to TCC Bypass via Misconfigured Node Fuses (macOS)

Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling ELECTRON_RUN_AS_NODE. This environment variable allows arbitrary Node.js code to be...

5.5 CVSS · 6.3 AI score · 0.00205 EPSS
Exploits: 1 · References: 3

OSV
added 2025/08/05 12:3 a.m. · 3 views

CVE-2025-54871 Electron Capture is Vulnerable to TCC Bypass via Misconfigured Node Fuses (macOS)

Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling ELECTRON_RUN_AS_NODE. This environment variable allows arbitrary Node.js code to be...

5.5 CVSS · 6.8 AI score · 0.00205 EPSS
Exploits: 1 · References: 5

Positive Technologies
added 2025/08/05 12:0 a.m. · 4 views

PT-2025-31890 · Unknown · Electroncapture

Name of the Vulnerable Software and Affected Versions: Electron Capture versions 2.19.1 and below Description: Electron Capture facilitates video playback for screen-sharing and capture. The elecap app on macOS allows local unprivileged users to bypass macOS TCC Transparency, Consent, and Control...

5.5 CVSS · 6.5 AI score · 0.00205 EPSS
Exploits: 1 · References: 8

CNNVD
added 2025/08/05 12:0 a.m. · 2 views

Electron Capture Security Vulnerability

Electron Capture is a window capture software by Steve Seguin Personal Developer. A security vulnerability exists in Electron Capture 2.19.1 and earlier versions, which stems from a vulnerability that allows bypassing macOS TCC privacy protections and could lead to arbitrary Node.js code executio...

7.8 CVSS · 7.3 AI score · 0.00205 EPSS
Exploits: 1 · References: 4

Packet Storm News
added 2025/08/04 12:0 a.m. · 3 views

Towards Effective Offensive Security LLM Agents: Hyperparameter Tuning, LLM As a Judge, and a Lightweight CTF Benchmark

Recent advances in LLM agentic systems have improved the automation of offensive security tasks, particularly for Capture the Flag (CTF) challenges. We systematically investigate the key factors that drive agent success and provide a detailed recipe for building effective LLM-based offensive securi...

6.7 AI score
Exploits: 0

Rosalinux
added 2025/08/03 8:39 p.m. · 4 views

Advisory ROSA-SA-2025-2909

software: freeradius 3.0.27 OS: ROSA-CHROME unaffected versions = freeradius-3.0.27-1 affected versions freeradius-3.0.27-1 CVE-ID: CVE-2024-3596 BDU-ID: 2024-05180 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the RADIUS authentication protocol implementation involves bypassing the authenticati...

9 CVSS · 9 AI score · 0.14859 EPSS
Exploits: 2

Snyk
added 2025/08/02 10:0 p.m. · 2 views

Malicious Package

Overview secmeasure is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The sisaws package leverages "typosquatting" for the legitimate sisa package, targeting Sistema Integrado de Información Sanitaria Argentino SISA API...

9.3 CVSS · 7 AI score
Exploits: 0 · References: 2

Snyk
added 2025/08/02 10:0 p.m. · 1 views

Malicious Package

Overview sisaws is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The sisaws package leverages "typosquatting" for the legitimate sisa package, targeting Sistema Integrado de Información Sanitaria Argentino SISA API...

9.3 CVSS · 7 AI score
Exploits: 0 · References: 2

Rockylinux
added 2025/07/29 1:38 p.m. · 6 views

java-17-openjdk security update

An update is available for java-17-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The java-17-openjdk packages provide the OpenJDK 17 Java Runtime...

8.6 CVSS · 6.9 AI score · 0.01058 EPSS
Exploits: 1

Packet Storm
added 2025/07/29 12:0 a.m. · 94 views

FullControl: Remote for Mac 4.0.5 Unauthenticated Screen Capture

FullControl: Remote for Mac version 4.0.5 is vulnerable to an unauthenticated remote screenshot capture and live screen streaming due to a lack of authentication on TCP port 2846. This exploit allows attackers to silently capture screenshots or continuously stream the victim's screen in real-time...

7.9 AI score
Exploits: 0

GithubExploit
added 2025/07/24 8:10 a.m. · 265 views

Exploit for Use of Uninitialized Resource in Samba Rsync

CVE-2024-12085 Infoleak exploit Note, this exploit is not ver...

7.5 CVSS · 7.6 AI score · 0.09353 EPSS
Exploits: 2

Packet Storm News
added 2025/07/18 12:0 a.m. · 2 views

Wireshark Analyzer 4.4.8

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. Thi...

7.8 CVSS · 6.7 AI score · 0.00299 EPSS
Exploits: 1

OSV
added 2025/07/16 12:0 a.m. · 4 views

ALSA-2025:10873 Important: java-21-openjdk security update

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: JDK: Better Glyph drawing (CVE-2025-30749); JDK: Enhance TLS protocol support (CVE-2025-30754); JDK: Improve HTTP client header handling (CVE-2025-50059); JDK: Better...

8.6 CVSS · 7.4 AI score · 0.01058 EPSS
Exploits: 1 · References: 8

Tenable Nessus
added 2025/07/16 12:0 a.m. · 12 views

AlmaLinux 9 : java-17-openjdk (ALSA-2025:10867)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:10867 advisory. JDK: Better Glyph drawing (CVE-2025-30749); JDK: Enhance TLS protocol support (CVE-2025-30754); JDK: Improve HTTP client header handling (CVE-2025-50059); JDK:...

8.6 CVSS · 6.6 AI score · 0.01058 EPSS
Exploits: 1 · References: 6

RedhatCVE
added 2025/07/12 7:24 p.m. · 19 views

CVE-2025-7021

Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input (e.g., login credentials, email addresses) via displaying a deceptive fullscreen interface with overlaid fake browser...

6.9 CVSS · 7.1 AI score · 0.00299 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2025/07/11 3:43 p.m. · 13 views

CVE-2025-53743

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

5.3 CVSS · 7.1 AI score · 0.00252 EPSS
Exploits: 0 · References: 1