Lucene search
K

5137 matches found

Cvelist
Cvelist
added 2025/07/10 7:9 p.m.36 views

CVE-2025-7021 OpenAI Operator - API Spoofing through Locking Operator on FullScreen

Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input e.g., login credentials, email addresses via displaying a deceptive fullscreen interface with overlaid fake browser...

6.9CVSS0.00299EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/07/09 7:23 p.m.14 views

CVE-2025-6044

An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture...

6.1CVSS7AI score0.00115EPSS
Exploits0References1
CVE
CVE
added 2025/07/07 6:58 p.m.32 views

CVE-2025-6044

CVE-2025-6044 concerns Google ChromeOS: an Improper Access Control in the Stylus Tools component on ChromeOS 16238.64.0 (garaged stylus devices) allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen captur...

6.1CVSS6.2AI score0.00115EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2025/07/07 2:28 a.m.2 views

webkitgtk: the video in a webRTC call may be interrupted if the audio capture gets interrupted

A vulnerability was found in WebKitGTK. This issue occurs due to a logic issue in video self-preview feature in a webRTC call, which can be interrupted if the user answers a phone call or the audio capture is interrupted. This flaw allows a remote attacker to perform a denial of service attack...

4.3CVSS5.8AI score0.00633EPSS
Exploits0References5
OSV
OSV
added 2025/06/30 7:15 p.m.7 views

CVE-2025-36593

Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by Capture-replay vulnerability in the RADIUS protocol. An attacker with local network access could potentially exploit this vulnerability to forge a valid protocol accept message in response to a failed...

8.8CVSS5.8AI score0.00245EPSS
Exploits0References1
OSV
OSV
added 2025/06/24 12:15 a.m.4 views

CVE-2025-6533

A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java of the component CATCHA Handler. The manipulatio...

5.9CVSS6.5AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/06/24 12:0 a.m.4 views

CVE-2025-6533 xxyopen/201206030 novel-plus CATCHA LoginController.java ajaxLogin authentication replay

A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java of the component CATCHA Handler. The manipulatio...

6.3CVSS7.2AI score0.00474EPSS
Exploits1References5
CVE
CVE
added 2025/06/24 12:0 a.m.22 views

CVE-2025-6533

CVE-2025-6533 affects xxyopen/201206030 novel-plus (up to v5.1.3). The vulnerability resides in ajaxLogin (LoginController.java, CATCHA Handler) and enables authentication bypass via capture-replay. Attack vector is remote over network; attack complexity is high, but public PoC/exploitation info ...

6.3CVSS7.2AI score0.00474EPSS
Exploits1References5Affected Software1
Fedora
Fedora
added 2025/06/15 1:49 a.m.4 views

[SECURITY] Fedora 42 Update: wireshark-4.4.7-1.fc42

Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless WiFi or Bluetooth networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...

7.8CVSS7AI score0.00299EPSS
Exploits1
Fedora
Fedora
added 2025/06/15 1:7 a.m.7 views

[SECURITY] Fedora 41 Update: wireshark-4.4.7-1.fc41

Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless WiFi or Bluetooth networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...

7.8CVSS7AI score0.00299EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/06/14 8:17 p.m.5 views

CVE-2025-5484

A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices is an identifier printed on the receiver. The default password is well-known and common to all devices. Modification of the default password is not enforced duri...

8.3CVSS8.4AI score0.00415EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/09 12:0 a.m.3 views

PT-2025-24526 · Sprig +1 · Sprig +1

Name of the Vulnerable Software and Affected Versions: Listmonk versions 4.0.0 through 5.0.2 Description: Listmonk is a standalone, self-hosted, newsletter and mailing list manager. The env and expandenv template functions, enabled by default in Sprig, allow capturing of environment variables on...

9CVSS6AI score0.00907EPSS
Exploits2References11
CNNVD
CNNVD
added 2025/06/09 12:0 a.m.3 views

listmonk 安全漏洞

listmonk is a high-performance, self-hosted, newsletter and mailing list manager with a modern dashboard by the individual developer Kailash Nadh. A security vulnerability exists in listmonk versions prior to 5.0.2, which stems from a template function capturing an environment variable that could...

9CVSS6.1AI score0.00907EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2025/06/06 5:21 p.m.7 views

CVE-2025-20163

A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller NDFC could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by...

8.7CVSS7.3AI score0.00365EPSS
Exploits0References1
OSV
OSV
added 2025/06/06 7:15 a.m.5 views

CVE-2025-48905

Wasm exception capture vulnerability in the arkweb v8 module Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types...

8.1CVSS5.8AI score0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/06 6:38 a.m.7 views

CVE-2025-48905

Wasm exception capture vulnerability in the arkweb v8 module Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types...

8.1CVSS0.00257EPSS
Exploits0References1
CVE
CVE
added 2025/06/06 6:38 a.m.56 views

CVE-2025-48905

CVE-2025-48905 concerns a Wasm exception capture vulnerability in the arkweb v8 module. The available connected sources identify the issue as causing a failure to capture certain Wasm exception types, but do not specify affected versions beyond identifying the arkweb v8 module as vulnerable. Repo...

8.1CVSS6.8AI score0.00257EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2025/06/06 12:0 a.m.2 views

Wireshark Denial of Service Vulnerability (CNVD-2025-30216)

Wireshark is a very popular network packet analyzer that intercepts various network packets and displays packet details. A denial of service vulnerability exists in Wireshark. The vulnerability exists in Wireshark's column processing feature. When Wireshark attempts to process network packets or...

7.8CVSS7.1AI score0.00299EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2025/06/06 12:0 a.m.4 views

QualitEye: Public and Privacy-Preserving Gaze Data Quality Verification

Gaze-based applications are increasingly advancing with the availability of large datasets but ensuring data quality presents a substantial challenge when collecting data at scale. It further requires different parties to collaborate, therefore, privacy concerns arise. We propose QualitEye--the...

6.7AI score
Exploits0
OpenVAS
OpenVAS
added 2025/06/05 12:0 a.m.4 views

Wireshark Security Update (wnpa-sec-2025-02) - Mac OS X

Wireshark is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...

7.8CVSS7.3AI score0.00299EPSS
Exploits1References1
Rows per page
Query Builder