45 matches found
CVE-2019-11014
The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application for Android, iOS, and Windows, do not prevent spoofing of the camera server. An attacker can create a fake camera server that listens for the client looking for a camera on the local network. When...
CVE-2022-31810
A vulnerability has been identified in SiPass integrated All versions V2.90.3.8. Affected server applications improperly check the size of data packets received for the configuration client login, causing a stack-based buffer overflow. This could allow an unauthenticated remote attacker to crash...
EUVD-2007-4509
Malware in sbrugna...
EUVD-2024-17220
Malicious code in bioql PyPI...
EUVD-2023-31201
Malicious code in bioql PyPI...
EUVD-2025-28525
Malicious code in bioql PyPI...
CVE-2025-59768
Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...
PT-2025-40388
Name of the Vulnerable Software and Affected Versions: AndSoft e-TMS version 25.03 Description: A cross-site scripting (XSS) issue exists that allows an attacker to execute JavaScript code in a victim's browser. This is achieved by sending a malicious URL. The vulnerability is reflected through the l...
PT-2025-40379
Name of the Vulnerable Software and Affected Versions: AndSoft e-TMS version 25.03 Description: A cross-site scripting (XSS) issue exists that allows an attacker to execute JavaScript code in a victim’s browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the...
CVE-2025-42933
CVE-2025-42933 affects SAP Business One through the SLD backend service, where a flaw in enforcing encryption of certain APIs exposes sensitive credentials in HTTP response bodies. The issue impacts confidentiality, integrity, and availability. CVSS 3.1 base score 8.8 (Network, Low attack complex...
CVE-2025-53396
Incorrect permission assignment for critical resource issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier), which may allow users who can log in to a client terminal to obtain root privileges...
PT-2025-22515 · Wire · Wire-Webapp
Name of the Vulnerable Software and Affected Versions: wire-webapp versions 2025-05-14-production.0 through 2025-05-20-production.0 Description: The issue is related to a regression in the session invalidation process. When a user logs out of the Wire webapp, they could be automatically logged in...
CVE-2024-1470
Authorization Bypass Through User-Controlled Key vulnerability in NetIQ OpenText Client Login Extension on Windows allows Privilege Escalation, Code Injection. This issue only affects NetIQ Client Login Extension: 4.6...
Micro Focus NetIQ Client Login Extension Security Vulnerability
Micro Focus NetIQ Client Login Extension is a client login extension from Micro Focus UK. A security vulnerability exists in Micro Focus NetIQ Client Login Extension version 4.6, which originates from an authorization bypass through a user-controlled key, allowing privilege escalation, code injection...
CVE-2024-1470 Elevation of Privilege attack on NetIQ Client login extension
Authorization Bypass Through User-Controlled Key vulnerability in NetIQ OpenText Client Login Extension on Windows allows Privilege Escalation, Code Injection. This issue only affects NetIQ Client Login Extension: 4.6...
PT-2024-18074 · Netiq · Netiq Client Login Extension
Name of the Vulnerable Software and Affected Versions: NetIQ Client Login Extension version 4.6 Description: The issue allows for Authorization Bypass Through User-Controlled Key, enabling Privilege Escalation and Code Injection in the NetIQ OpenText Client Login Extension on Windows...
CVE-2022-34268
An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host...