
5099 matches found

RedhatCVE
added 2025/07/11 3:43 p.m. · 13 views

CVE-2025-53743

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVSS 5.3 · AI score 7.1 · EPSS 0.00252
Exploits 0 · References 1
OSV
added 2025/07/11 3:15 p.m. · 2 views

CVE-2025-52948

An Improper Handling of Exceptional Conditions vulnerability in Berkeley Packet Filter (BPF) processing of Juniper Networks Junos OS allows an attacker, in rare cases, sending specific, unknown traffic patterns to cause the FPC and system to crash and restart. BPF provides a raw interface to data...

CVSS 8.2 · AI score 5.7 · EPSS 0.0044
Exploits 0 · References 2
Microsoft CVE
added 2025/07/11 7:00 a.m. · 10 views

usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c

...

CVSS 5.5 · AI score 7 · EPSS 0.00218
Exploits 0
Cvelist
added 2025/07/10 7:09 p.m. · 14 views

CVE-2025-7021 OpenAI Operator - API Spoofing through Locking Operator on FullScreen

Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input (e.g., login credentials, email addresses) via displaying a deceptive fullscreen interface with overlaid fake browser...

CVSS 6.9 · EPSS 0.00299
Exploits 1 · References 1
RedhatCVE
added 2025/07/09 7:23 p.m. · 13 views

CVE-2025-6044

An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture...

CVSS 6.1 · AI score 7 · EPSS 0.00115
Exploits 0 · References 1
CVE
added 2025/07/07 6:58 p.m. · 28 views

CVE-2025-6044

CVE-2025-6044 concerns Google ChromeOS: an Improper Access Control in the Stylus Tools component on ChromeOS 16238.64.0 (garaged stylus devices) allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen captur...

CVSS 6.1 · AI score 6.2 · EPSS 0.00115
Exploits 0 · References 2 · Affected Software 1
RedHat Linux
added 2025/07/07 2:28 a.m. · 1 views

webkitgtk: the video in a webRTC call may be interrupted if the audio capture gets interrupted

A vulnerability was found in WebKitGTK. This issue occurs due to a logic issue in video self-preview feature in a webRTC call, which can be interrupted if the user answers a phone call or the audio capture is interrupted. This flaw allows a remote attacker to perform a denial of service attack...

CVSS 4.3 · AI score 5.8 · EPSS 0.00633
Exploits 0 · References 5
OSV
added 2025/06/30 7:15 p.m. · 6 views

CVE-2025-36593

Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by Capture-replay vulnerability in the RADIUS protocol. An attacker with local network access could potentially exploit this vulnerability to forge a valid protocol accept message in response to a failed...

CVSS 8.8 · AI score 5.8 · EPSS 0.00245
Exploits 0 · References 1
OSV
added 2025/06/24 12:15 a.m. · 3 views

CVE-2025-6533

A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java of the component CATCHA Handler. The manipulatio...

CVSS 5.9 · AI score 6.5
Exploits 0 · References 5
Vulnrichment
added 2025/06/24 12:00 a.m. · 4 views

CVE-2025-6533 xxyopen/201206030 novel-plus CATCHA LoginController.java ajaxLogin authentication replay

A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java of the component CATCHA Handler. The manipulatio...

CVSS 6.3 · AI score 7.2 · EPSS 0.00474
Exploits 1 · References 5
CVE
added 2025/06/24 12:00 a.m. · 22 views

CVE-2025-6533

CVE-2025-6533 affects xxyopen/201206030 novel-plus (up to v5.1.3). The vulnerability resides in ajaxLogin (LoginController.java, CATCHA Handler) and enables authentication bypass via capture-replay. Attack vector is remote over network; attack complexity is high, but public PoC/exploitation info ...

CVSS 6.3 · AI score 7.2 · EPSS 0.00474
Exploits 1 · References 5 · Affected Software 1
Fedora
added 2025/06/15 1:49 a.m. · 4 views

[SECURITY] Fedora 42 Update: wireshark-4.4.7-1.fc42

Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...

CVSS 7.8 · AI score 7 · EPSS 0.00299
Exploits 1
Fedora
added 2025/06/15 1:07 a.m. · 7 views

[SECURITY] Fedora 41 Update: wireshark-4.4.7-1.fc41

Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...

CVSS 7.8 · AI score 7 · EPSS 0.00299
Exploits 1
RedhatCVE
added 2025/06/14 8:17 p.m. · 5 views

CVE-2025-5484

A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices is an identifier printed on the receiver. The default password is well-known and common to all devices. Modification of the default password is not enforced duri...

CVSS 8.3 · AI score 8.4 · EPSS 0.00415
Exploits 0 · References 1
CNNVD
added 2025/06/09 12:00 a.m. · 2 views

listmonk security vulnerability

listmonk is a high-performance, self-hosted, newsletter and mailing list manager with a modern dashboard by the individual developer Kailash Nadh. A security vulnerability exists in listmonk versions prior to 5.0.2, which stems from a template function capturing an environment variable that could...

CVSS 9 · AI score 6.1 · EPSS 0.00886
Exploits 2 · References 4
Positive Technologies
added 2025/06/09 12:00 a.m. · 2 views

PT-2025-24526 · Sprig +1

Name of the Vulnerable Software and Affected Versions: Listmonk versions 4.0.0 through 5.0.2. Description: Listmonk is a standalone, self-hosted, newsletter and mailing list manager. The env and expandenv template functions, enabled by default in Sprig, allow capturing of environment variables on...

CVSS 9 · AI score 6 · EPSS 0.00886
Exploits 2 · References 11
RedhatCVE
added 2025/06/06 5:21 p.m. · 6 views

CVE-2025-20163

A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by...

CVSS 8.7 · AI score 7.3 · EPSS 0.00365
Exploits 0 · References 1
OSV
added 2025/06/06 7:15 a.m. · 5 views

CVE-2025-48905

Wasm exception capture vulnerability in the arkweb v8 module. Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types...

CVSS 8.1 · AI score 5.8 · EPSS 0.00257
Exploits 0 · References 1
Cvelist
added 2025/06/06 6:38 a.m. · 7 views

CVE-2025-48905

Wasm exception capture vulnerability in the arkweb v8 module. Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types...

CVSS 8.1 · EPSS 0.00257
Exploits 0 · References 1
CVE
added 2025/06/06 6:38 a.m. · 55 views

CVE-2025-48905

CVE-2025-48905 concerns a Wasm exception capture vulnerability in the arkweb v8 module. The available connected sources identify the issue as causing a failure to capture certain Wasm exception types, but do not specify affected versions beyond identifying the arkweb v8 module as vulnerable. Repo...

CVSS 8.1 · AI score 6.8 · EPSS 0.00257
Exploits 0 · References 1 · Affected Software 1