QualitEye: Public and Privacy-Preserving Gaze Data Quality Verification
Gaze-based applications are increasingly advancing with the availability of large datasets but ensuring data quality presents a substantial challenge when collecting data at scale. It further requires different parties to collaborate, therefore, privacy concerns arise. We propose QualitEye--the...
Wireshark Denial of Service Vulnerability (CNVD-2025-30216)
Wireshark is a very popular network packet analyzer that intercepts various network packets and displays packet details. A denial of service vulnerability exists in Wireshark. The vulnerability exists in Wireshark's column processing feature. When Wireshark attempts to process network packets or...
Wireshark Security Update (wnpa-sec-2025-02) - Mac OS X
Wireshark is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...
CVE-2025-20163
A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by...
UBUNTU-CVE-2025-5601
Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file...
CVE-2025-5601 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark
Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file...
CVE-2025-5601
Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file...
CVE-2025-20986
Improper access control in ScreenCapture for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to take screenshots...
Wireshark 4.2.x < 4.2.12 / 4.4.x < 4.4.7 DoS
The version of Wireshark installed on the remote Windows host is 4.2.x prior to 4.2.12 or 4.4.x prior to 4.4.7. It is, therefore, affected by a denial of service vulnerability as referenced in the wnpa-sec-2025-02 advisory. - Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12...
CVE-2025-48936
Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...
A Human Study of Cognitive Biases in Web Application Security
Cybersecurity training has become a crucial part of computer science education and industrial onboarding. Capture the Flag (CTF) competitions have emerged as a valuable, gamified approach for developing and refining the skills of cybersecurity and software engineering professionals. However, while...
Evaluating AI Cyber Capabilities with Crowdsourced Elicitation
As AI systems become increasingly capable, understanding their offensive cyber potential is critical for informed governance and responsible deployment. However, it's hard to accurately bound their capabilities, and some prior evaluations dramatically underestimated them. The art of extracting...
CVE-2025-5160
A vulnerability classified as problematic has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected is the function Download of the file /packetCaptureStrategy/download. The manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. The...
The vulnerability of the VBI libzvbi library’s capture and decoding function is related to a numerical overflow in the _vbi_strndup_iconv() function. This allows an attacker to cause a service failure.
The vulnerability of the VBI libzvbi library’s capture and decoding functions is related to a numerical overflow in the _vbi_strndup_iconv() function. Exploiting this vulnerability could allow an attacker to cause a service failure remotely...
The vulnerability of the VBI capture and decoding library libzvbi, related to integer overflow in the vbi_capture_sim_load_caption() function, allows attackers to cause a service failure.
The vulnerability of the VBI capture and decoding library, libzvbi, is related to a numerical overflow in the vbi_capture_sim_load_caption() function. Exploiting this vulnerability can allow an attacker to cause a service failure...
H3C SecCenter SMP-E1114P02 Path Traversal Vulnerability
H3C SecCenter SMP-E1114P02 is a security management platform from China's Xinhua San H3C. A path traversal vulnerability exists in H3C SecCenter SMP-E1114P02 20250513 and earlier versions, which stems from path traversal due to incorrect operation of the parameter Name in the...
Windows 2024.15 - Unauthenticated Desktop Screenshot Capture
Exploit Title: Windows 2024.15 - Unauthenticated Desktop Screenshot Capture Date: 2025-05-19 Exploit Author: Chokri Hammedi Vendor Homepage: https://rs.ltd Software Link: https://rs.ltd/latest.php?os=win Version: 2024.15 Tested on: Windows 10/11 with Remote for Windows helper ''' Description: -...
CVE-2024-23232
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4. An app may be able to capture a user's screen...