3257 matches found
CVE-2025-54810
Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality handles sensitive data such as registered usernames and passwords over an unencrypted channe...
CVE-2025-54810
CVE-2025-54810 affects Cognex In-Sight Explorer and In-Sight Camera Firmware. A proprietary protocol on TCP port 1069 handles management operations, including changing system properties. User management data (usernames and passwords) are transmitted over an unencrypted channel, enabling an adjace...
CVE-2025-54810 Cognex In-Sight Explorer and In-Sight Camera Firmware Authentication Bypass by Capture-replay
Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality handles sensitive data such as registered usernames and passwords over an unencrypted channe...
CVE-2025-7743
Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation. This issue affects Omaspot: before 12.09.2025...
PT-2025-38491
Name of the Vulnerable Software and Affected Versions: Cognex In-Sight Explorer and In-Sight Camera Firmware (affected versions not specified) Description: The software exposes a proprietary protocol on TCP port 1069 for management operations, including modifying system properties. The user managemen...
CVE-2025-7743 Sensitive Data Exposure in Dolusoft's Omaspot
Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation. This issue affects Omaspot: before 12.09.2025...
PT-2025-37925
Name of the Vulnerable Software and Affected Versions: Dolusoft Omaspot versions prior to 12.09.2025 Description: A cleartext transmission of sensitive information issue exists in Dolusoft Omaspot, potentially allowing interception and privilege escalation. Recommendations: Update Dolusoft Omaspo...
PARROT: Portable Android Reproducible Traffic Observation Tool
The rapid evolution of mobile security protocols and limited availability of current datasets constrains research in app traffic analysis. This paper presents PARROT, a reproducible and portable traffic capture system for systematic app traffic collection using Android Virtual Devices. The system...
When Dependencies Turn Dangerous: Responding to the NPM Supply Chain Attack
On September 8, 2025, attackers compromised a set of 18 widely used npm packages, including chalk, debug, ansi-styles, and strip-ansi, collectively downloaded over 2.6 billion times per week. Through a targeted phishing campaign against a maintainer, the attackers published malicious versions...
Embedded Malicious Code
Overview @duckdb/duckdb-wasm is an in-process analytical SQL database for the browser. It is powered by WebAssembly, speaks Arrow fluently, reads Parquet, CSV and JSON files backed by Filesystem APIs or HTTP requests and has been tested with Chrome, Firefox, Safari and Node.js. Affected versions ...
20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack
Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer's account was compromised in a phishing attack. The attack targeted Josh Junon aka Qix, who received an email message that mimicked npm "[email protected]", urging them to update their update...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook whenever a Web3 wallet is present...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook whenever a Web3 wallet is present...
Embedded Malicious Code
Overview debug is a small debugging utility. Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook...
Embedded Malicious Code
Overview supports-hyperlinks is a package that detects whether a terminal supports hyperlinks. Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The inject...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook whenever a Web3 wallet is present...
Embedded Malicious Code
Overview color-string is a parser and generator for CSS color strings. Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicio...
PT-2025-36436
Name of the Vulnerable Software and Affected Versions: RICOH Streamline NX versions 3.5.1 through 24R3 Description: RICOH Streamline NX is susceptible to operation history tampering. An attacker capable of performing a man-in-the-middle attack may manipulate HTTP requests, potentially altering th...