EUVD-2019-7875
Malware in sbrugna...
EUVD-2025-31010
Malicious code in bioql PyPI...
PT-2025-39391
Name of the Vulnerable Software and Affected Versions: iMonitor EAM version 9.6394 Description: The software ships with default administrative credentials that are displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can...
CVE-2019-17524
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this...
PT-2023-18709 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue arises when archiving a team, as Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display...
CVE-2022-22783
A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker...
PT-2022-15675 · Zoom · Zoom On-Premise Meeting Connector Mmr +1
Name of the Vulnerable Software and Affected Versions: Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310; Zoom On-Premise Meeting Connector MMR version 4.8.102.20220310 Description: A vulnerability in Zoom On-Premise Meeting Connector exposes process memory fragments to connect...
Zoom On-Premise Meeting Connector Controller security vulnerability
Zoom On-Premise Meeting Connector Controller is an on-premise meeting connector from Zoom USA. A security vulnerability exists in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 A security vulnerability exists th...
CVE-2020-26139
Frames used for authentication and key management between the AP and connected clients. Some clients may take these redirected frames masquerading as control mechanisms from the AP. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the R...
Code injection
An issue was discovered in the kernel in NetBSD 7.1. An Access Point AP forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients an...
CVE-2020-26139
An issue was discovered in the kernel in NetBSD 7.1. An Access Point AP forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients an...
Cross site scripting
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this...
The vulnerability of the Enterprise Resource Management System “Galaktika ERP” relates to insufficient protection of the website structure, allowing attackers to execute arbitrary JavaScript code in the browser of the connected client.
The vulnerability of the component that allows sending messages to connected users in the enterprise resource management system Galaktika ERP is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript...
CVE-2017-7652
In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available default limit...
WifiChannelMonitor - Monitor APs and Wifi clients on selected channel (Monitor Mode) for Window
WifiChannelMonitor is a utility for Windows that captures wifi traffic on the channel you choose, using Microsoft Network Monitor capture driver in monitor mode, and displays extensive information about access points and the wifi clients connected to them. WifiChannelMonitor also allows you to vi...
ventrilo-info NSE Script
Detects the Ventrilo voice communication server service versions 2.1.2 and above and tries to determine version and configuration information. Some of the older versions pre 3.0.0 may not have the UDP service that this probe relies on enabled by default. The Ventrilo server listens on a TCP...
redis-info NSE Script
Retrieves information such as version number and architecture from a Redis key-value store. Script Arguments creds.service, creds.global See the documentation for the creds library. Example Usage nmap -p 6379 --script redis-info Script Output PORT STATE SERVICE 6379/tcp open unknown | redis-info:...