968 matches found
CVE-2020-36925
CVE-2020-36925 affects the Arteco Web Client DVR/NVR. The issue is a session hijacking vulnerability caused by insufficient session ID complexity, enabling attackers to brute‑force session IDs within a numeric range to bypass authentication and gain access to live camera streams. The available do...
CVE-2020-36925 Arteco Web Client DVR/NVR Session ID Brute Force Authentication Bypass
Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without...
CVE-2020-36925 Arteco Web Client DVR/NVR Session ID Brute Force Authentication Bypass
Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without...
Arteco Web Client DVR/NVR 安全特征问题漏洞
Arteco Web Client DVR/NVR is a web management page from Arteco, Italy. A security feature issue vulnerability exists in Arteco Web Client DVR/NVR that stems from insufficient session ID complexity, which could lead to bypassing authentication and accessing live camera streams by brute-force...
PT-2026-1458
Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without...
CVE-2025-66035
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential...
ROS-20251203-08
The aiohttp HTTP client vulnerability is related to the fact that the final sections of an HTTP request are not analyzed. Exploitation of the vulnerability could allow an attacker acting remotely to perform spoofing attacks on HTTP requests. HTTP requests...
CVE-2025-13836 Excessive read buffering DoS in http.client
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS...
Exploit for CVE-2021-21980
CVE-2021-21980 Vulnerable Test Environment Overview Realis...
Tryton sao 跨站脚本漏洞
Tryton sao is a web client for Tryton's open source Universal Application Platform. A cross-site scripting vulnerability exists in Tryton sao versions prior to 7.6.9, which stems from an HTML attachment that could lead to a cross-site scripting attack...
Exploit for CVE-2021-21980
Clippy of the Dead - CVE-2021-21980 testing environment and Nucl...
[SECURITY] [DSA 6061-1] tryton-sao security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6061-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 25, 2025 https://www.debian.org/security/faq -...
libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process
A flaw was found in libsoup, where the soupmultipartnewfrommessage function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds...
CVE-2025-13262 lsfusion platform UploadFileRequestHandler.java UploadFileRequestHandler path traversal
A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to...
CVE-2025-13261 lsfusion platform DownloadFileRequestHandler.java DownloadFileRequestHandler path traversal
A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote...
[SECURITY] Fedora 41 Update: rust-reqsign-http-send-reqwest-2.0.1-1.fc41
Reqwest-based HTTP client implementation for reqsign...
CVE-2025-52186
Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c 2025-06-02 contains a Server-Side Request Forgery SSRF vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing remote attackers to force the server to...
CVE-2025-42893
Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site displayed within an embedded frame. Successful exploitation could allow the attacker to steal...
[SECURITY] [DSA 6034-1] tryton-sao security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6034-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 23, 2025 https://www.debian.org/security/faq -...
Debian dsa-6034 : tryton-sao - security update
The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6034 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6034-1 [email protected] https://www.debian.org/security/...