1890 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-6101
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if th...
Linux Distros Unpatched Vulnerability : CVE-2018-6035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a...
Linux Distros Unpatched Vulnerability : CVE-2025-4050
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures...
Linux Distros Unpatched Vulnerability : CVE-2018-6151
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious...
Linux Distros Unpatched Vulnerability : CVE-2018-6046
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a...
gstreamer-devtools-1.26.5-1.1 on GA media (moderate)
gstreamer-devtools-1.26.5-1.1 on GA media Announcement ID: openSUSE-SU-2025:15446-1 Rating: moderate Cross-References: CVE-2025-55159 CVSS scores: CVE-2025-55159 SUSE : 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2025-55159 SUSE : 5.8...
OPENSUSE-SU-2025:15445-1 gstreamer-devtools-1.26.5-1.1 on GA media
These are all security issues fixed in the gstreamer-devtools-1.26.5-1.1 package on the GA media of openSUSE Tumbleweed...
MAL-2025-27491 Malicious code in ni-node-devtools (npm)
The package ni-node-devtools was found to contain malicious code...
Malicious code in ni-node-devtools (npm)
The package ni-node-devtools was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2025-5271
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability was fixed in Firefox 139 and...
Linux Distros Unpatched Vulnerability : CVE-2020-12392
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user...
Linux Distros Unpatched Vulnerability : CVE-2024-0751
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7...
Linux Distros Unpatched Vulnerability : CVE-2024-9394
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to acces...
Linux Distros Unpatched Vulnerability : CVE-2020-6811
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used...
Linux Distros Unpatched Vulnerability : CVE-2020-12393
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used...
Linux Distros Unpatched Vulnerability : CVE-2021-23985
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If an attacker is able to alter specific about:config values for example malware running on the user's computer, the Devtools remote debugging feature could hav...
@ballerine/workflows-service (>=0.4.6 <=0.5.49), @digitaltg/vc-signer (=1.0.0) +9 more potentially affected by CVE-2025-54782 via @nestjs/devtools-integration (=0.1.6)
@nestjs/devtools-integration NPM version =0.1.6 is affected by a known vulnerability. The following packages have a transitive dependency on @nestjs/devtools-integration and may be impacted: - @ballerine/workflows-service =0.4.6, =0.0.37, =0.0.4, =0.0.1, =0.0.6, =0.0.82, =0.0.32, =1.0.0, =1.0.9 -...
Arbitrary Command Injection
Overview @nestjs/devtools-integration is a Nest - modern, fast, powerful node.js web framework @devtools-integration Affected versions of this package are vulnerable to Arbitrary Command Injection via the inspector/graph/interact endpoint, which accepts JSON input containing a code field and...
nest 命令注入漏洞
nest is a Node.js framework open-sourced by nestjs for building efficient, scalable and enterprise-class server-side applications using TypeScript/JavaScript. A command injection vulnerability exists in nest 0.2.0 and earlier versions, which stems from the presence of an insecure JavaScript sandb...
CVE-2025-54782 @nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers
Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution RCE vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API...