Linux Distros Unpatched Vulnerability : CVE-2018-6035

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a...

Linux Distros Unpatched Vulnerability : CVE-2018-6151

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious...

Linux Distros Unpatched Vulnerability : CVE-2025-4050

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures...

gstreamer-devtools-1.26.5-1.1 on GA media (moderate)

gstreamer-devtools-1.26.5-1.1 on GA media Announcement ID: openSUSE-SU-2025:15446-1 Rating: moderate Cross-References: CVE-2025-55159 CVSS scores: CVE-2025-55159 SUSE : 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2025-55159 SUSE : 5.8...

OPENSUSE-SU-2025:15445-1 gstreamer-devtools-1.26.5-1.1 on GA media

These are all security issues fixed in the gstreamer-devtools-1.26.5-1.1 package on the GA media of openSUSE Tumbleweed...

Malicious code in ni-node-devtools (npm)

The package ni-node-devtools was found to contain malicious code...

MAL-2025-27491 Malicious code in ni-node-devtools (npm)

The package ni-node-devtools was found to contain malicious code...

Linux Distros Unpatched Vulnerability : CVE-2025-5271

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability was fixed in Firefox 139 and...

Linux Distros Unpatched Vulnerability : CVE-2020-12392

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user...

Linux Distros Unpatched Vulnerability : CVE-2024-9394

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to acces...

Linux Distros Unpatched Vulnerability : CVE-2024-0751

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7...

Linux Distros Unpatched Vulnerability : CVE-2020-6811

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used...

Linux Distros Unpatched Vulnerability : CVE-2020-12393

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used...

Linux Distros Unpatched Vulnerability : CVE-2021-23985

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If an attacker is able to alter specific about:config values for example malware running on the user's computer, the Devtools remote debugging feature could hav...

@ballerine/workflows-service (>=0.4.6 <=0.5.49), @digitaltg/vc-signer (=1.0.0) +9 more potentially affected by CVE-2025-54782 via @nestjs/devtools-integration (=0.1.6)

@nestjs/devtools-integration NPM version =0.1.6 is affected by a known vulnerability. The following packages have a transitive dependency on @nestjs/devtools-integration and may be impacted: - @ballerine/workflows-service =0.4.6, =0.0.37, =0.0.4, =0.0.1, =0.0.6, =0.0.82, =0.0.32, =1.0.0, =1.0.9 -...

Arbitrary Command Injection

Overview @nestjs/devtools-integration is a Nest - modern, fast, powerful node.js web framework @devtools-integration Affected versions of this package are vulnerable to Arbitrary Command Injection via the inspector/graph/interact endpoint, which accepts JSON input containing a code field and...

nest 命令注入漏洞

nest is a Node.js framework open-sourced by nestjs for building efficient, scalable and enterprise-class server-side applications using TypeScript/JavaScript. A command injection vulnerability exists in nest 0.2.0 and earlier versions, which stems from the presence of an insecure JavaScript sandb...

CVE-2025-54782 @nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers

Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution RCE vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API...

SquareX Discloses Architectural Limitations of Browser DevTools in Debugging Malicious Extensions

Palo Alto, California, 29th July 2025, CyberNewsWire...

The vulnerability of DevTools components in Google Chrome allows a hacker to execute arbitrary code.

The vulnerability of DevTools components in Google Chrome browsers is related to an incorrect limitation on the visible layers of the user interface. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...