402 matches found
Cisco Secure Web Appliance Real-Time Scanning Archive File Bypass Vulnerability
A vulnerability in the Dynamic Vectoring and Streaming DVS Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is du...
Cisco Secure Web Appliance 安全漏洞
Cisco Secure Web Appliance is an application developed by the American company Cisco. It is used to protect websites. There is a security vulnerability in Cisco Secure Web Appliance, which stems from the dynamic vector and stream engine’s improper handling of certain archive files. This...
HTTPS Fetch, Linux Reboot
Fetch and execute an RISC-V 64-bit payload from an HTTPS server. A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAPSYSBOOT privileges. Module Options msf use payload/cmd/linux/https/riscv64le/reboot msf...
HTTPS Fetch, Linux Command Shell, Bind TCP Inline
Fetch and execute an RISC-V 32-bit payload from an HTTPS server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/https/riscv32le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp sh...
EUVD-2025-204620
The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device to crash and...
CA2-Secure_Web_App
No d...
Protection Mechanism Failure
Overview mad-proxy is a Lightweight HTTP/HTTPS interception proxy with real-time traffic firewall and domain block. Affected versions of this package are vulnerable to Protection Mechanism Failure via the HTTP/HTTPS Traffic. An attacker can access sensitive traffic by bypassing established...
CVE-2025-13762
Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305...
CVE-2025-13762
Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305...
CVE-2025-13762 Client-Side Denial of Service Condition in SWS Extension prior to version 2.2.30305
Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305...
CVE-2025-13762 Client-Side Denial of Service Condition in SWS Extension prior to version 2.2.30305
Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305...
PT-2025-48223
Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305...
curl: Silent TLS Trust Model Hijacking via `CURL_CA_BUNDLE` Environment Variable Leads to MITM
Summary: curl is vulnerable to silent Man-in-the-Middle MITM attacks due to its design, which implicitly trusts the CA certificate path specified in the CURLCABUNDLE environment variable. This mechanism allows the entire TLS trust model chain of trust of curl to be hijacked without any warning or...
CVE-2025-11493 Self-Update Verification Mechanism Process in ConnectWise Automate
The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...
EUVD-2020-30184
Malware in sbrugna...
EUVD-1999-0810
Malware in sbrugna...
EUVD-2020-24638
Malware in sbrugna...
EUVD-2024-31967
Malicious code in bioql PyPI...
EUVD-2022-34505
Malicious code in bioql PyPI...
EUVD-2025-24586
Malicious code in bioql PyPI...