21 matches found
Attacking the MCP Trust Boundary
Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol (MCP), the fast-growing standard for connecting AI agents to external services, inherits that gap...
CVE-2026-23572
Improper access control in the TeamViewer Full and Host clients (Windows, macOS, Linux) prior version 15.74.5 allows an authenticated user to bypass additional access controls with “Allow after confirmation” configuration in a remote session. An exploit could result in unauthorized access prior to...
CVE-2026-23572 Improper Access Control in TeamViewer clients
Improper access control in the TeamViewer Full and Host clients (Windows, macOS, Linux) prior version 15.74.5 allows an authenticated user to bypass additional access controls with “Allow after confirmation” configuration in a remote session. An exploit could result in unauthorized access prior to...
EUVD-2017-14057
Malware in sbrugna...
CVE-2023-33861
IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering with the communication path between the host and client...
CVE-2024-47119
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client...
MAL-2024-8877 Malicious code in afe-host-client (npm)
Source: ghsa-malware (d80291bc2fb747c24552e0b6b0ca98fd26e244004fe5a804870a1be5e54a4e0e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in afe-host-client (npm)
Source: ghsa-malware (d80291bc2fb747c24552e0b6b0ca98fd26e244004fe5a804870a1be5e54a4e0e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in asset-host_client (RubyGems)
Exploit for CVE-2022-37708
Docker Lightman Exploit Docker CVE-2022-37708. This exploit r...
CVE-2018-19946
The vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. QNAP has already fixed the issue in...
VMSA-2020-0008 : VMware ESXi patches address Stored Cross-Site Scripting (XSS) vulnerability
a. VMware ESXi patches address Stored Cross-Site Scripting (XSS) vulnerability (CVE-2020-3955). Description: The VMware ESXi Host Client does not properly neutralize script-related HTML when viewing virtual machines attributes. A malicious actor with access to modify the system properties of a virtua...
Cross site scripting
The ESXi Host Client in VMware ESXi 6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting JavaScript, which might get...
CVE-2017-4940
The ESXi Host Client in VMware ESXi 6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting JavaScript, which might get...
CVE-2017-4940
The CVE-2017-4940 issue affects the ESXi Host Client component of VMware ESXi. It is a stored cross-site scripting (XSS) vulnerability allowing an attacker to inject JavaScript that may execute when other users access the Host Client. Affected product versions: ESXi 6.5 before ESXi650-201712103-S...
Vmware ESXi Host Client Cross-Site Scripting Vulnerability
VMware ESXi is a bare-metal virtualization hypervisor from VMware that is installed directly on a physical server and divides the physical server into multiple virtual machines. The program features less disk space, higher reliability and security. A cross-site scripting vulnerability exists in...
CVE-2016-7463
Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM...
VMSA-2016-0023 : VMware ESXi updates address a cross-site scripting issue
a. Host Client stored cross-site scripting issue. The ESXi Host Client contains a vulnerability that may allow for stored cross-site scripting (XSS). The issue can be introduced by an attacker that has permission to manage virtual machines through ESXi Host Client or by tricking the vSphere...
VMware ESXi updates address a cross-site scripting issue (VMSA-2016-003) - Remote Version Check
VMware ESXi updates address a critical glibc security vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...