2096 matches found
CVE-2026-28800 Natro Macro: Malicious actions allowed through Discord RC Commands by any user
Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone with Discord Remote Control set up in a non-private channel gives access to any user with the permission to send message in said channel access to do anything on their computer. This...
EUVD-2026-10007
Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone with Discord Remote Control set up in a non-private channel gives access to any user with the permission to send message in said channel access to do anything on their computer. This...
CVE-2026-28800 Natro Macro: Malicious actions allowed through Discord RC Commands by any user
Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone with Discord Remote Control set up in a non-private channel gives access to any user with the permission to send message in said channel access to do anything on their computer. This...
PT-2026-23653
Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone with Discord Remote Control set up in a non-private channel gives access to any user with the permission to send message in said channel access to do anything on their computer. This...
NatroMacro 代码问题漏洞
NatroMacro is an automated script tool for games, developed by the Natro Team. Versions of NatroMacro prior to 1.1.0 contained code vulnerabilities. These vulnerabilities stemmed from the use of Discord remote control in non-private channels, which could allow users with message sending permissio...
kernel: media: rc: fix races with imon_disconnect()
A use-after-free flaw exists in the Linux kernel’s media/rc subsystem. When the device is disconnected via imondisconnect, the driver may unconditionally release a usbdevice reference via usbputdev even while other operations such as vfdwrite, sendpacket, displayopen, lcdwrite are still in...
CVE-2026-28403
Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...
CVE-2026-28403
Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...
CVE-2026-28403 Textream Cross-Site WebSocket Hijacking (CSWSH) vulnerability
Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...
EUVD-2026-9200
Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...
CVE-2026-28403 Textream Cross-Site WebSocket Hijacking (CSWSH) vulnerability
Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...
PT-2026-22625
Name of the Vulnerable Software and Affected Versions Textream versions prior to 1.5.1 Description The application is a macOS teleprompter. A Cross-Site WebSocket Hijacking CSWSH condition exists in the DirectorServer WebSocket server ws://127.0.0.1:. The server does not validate the HTTP Origin...
Honeywell Trend IQ4xx BMS Controller Unauthenticated Remote Web-HMI Control And Lockout
Summary The Honeywell IQ4 Trend IQ4 is a line of intelligent building-management controllers designed to provide advanced unitary control, HVAC integration, and scalable I/O expansion for commercial environments. These controllers use Ethernet and TCP/IP networking with embedded XML, support BACn...
EUVD-2026-8662
RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service...
CVE-2026-3203
RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service...
Malicious code in es1int-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09abead9af9906c0579f5cce39e4e75fd445a6edaa1a5380db01ad7dd1e274f8 The package es1int-config was found to contain malicious code. Source: ghsa-malware 3eb94b9e72fc93f339c87b961f88c598fb78ecd2d5e4aad405d17c7eb3d513b2...
CVE-2026-24790
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication...
CVE-2026-24790
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication...
CVE-2026-24790 Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller Missing Authentication for Critical Function
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication...
PT-2026-21251
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication...