51 matches found
CVE-2025-22239
CVE-2025-22239 – Salt Master event injection: The Salt Master’s _minion_event method can be abused by an authorized minion to push arbitrary events onto the master's event bus, enabling potential impact on integrity and confidentiality (I, C) with low availability impact. The advisory notes this...
CVE-2025-22239 CVE-2025-22239 salt advisory
Arbitrary event injection on Salt Master. The master's "_minion_event" method can be used by an authorized minion to send arbitrary events onto the master's event bus...
PT-2025-25394 · Unknown +1 · Salt-Master +1
Name of the Vulnerable Software and Affected Versions: Salt Master, affected versions not specified. Description: The issue allows arbitrary event injection on the Salt Master. An authorized minion can use the master's minion event method to send arbitrary events onto the master's event bus...
CVE-2024-0038
In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from Google Inc. in the United States. A security vulnerability exists in Google Android, which stems from a lack of permission checking in the injectInputEventToInputFilter method of the AccessibilityManagerService.java file, which cou...
ASB-A-309426390
In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
MITM RDP Connections: Seth
Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops...
Jupiter CMS 1.1.5 - Multiple Cross-Site Scripting Vulnerabilities
Jupiter CMS, to redirect the user to a page of your choice, to avoid suspicion and disclosure of your cookiestealer's location. These injections would allow an attacker to redirect users to a page of his choice, effectively defacing the page:...
CVE-2026-47212: Twilio Notifier Webhook Parser Never Verifies the X-Twilio-Signature HMAC: Unauthenticated Webhook Event Injection
More info at https://symfony.com/cve-2026-47212...
CVE-2026-45754: Mailjet Mailer and LOX24 Notifier Webhook Parsers Never Verify the Configured Secret: Unauthenticated Webhook Event Injection
More info at https://symfony.com/cve-2026-45754...