29 matches found
CVE-2026-40431
A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013302)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013302 advisory. The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, a...
PT-2026-26741
OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc without authentication for noVNC observer sessions, allowing unauthenticated access to the VNC interface. Remote attackers on the host loopback interface can connect to the exposed noVNC port to observe or interact wi...
PT-2026-3740
Impact Fleet’s debug/pprof endpoints are accessible to any authenticated user regardless of role, including the lowest-privilege “Observer” role. This allows low-privilege users to access sensitive server internals, including runtime profiling data and in-memory application state, and to trigger...
PT-2026-3749
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.53.3 Fleet versions 4.53.3 through 4.75.2 Fleet versions 4.75.2 through 4.76.2 Fleet versions 4.76.2 through 4.77.1 Fleet versions 4.77.1 through 4.78.3 Description Fleet, an open source device management software, ha...
CVE-2025-34241
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
CVE-2025-34244
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
CVE-2025-34246
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
CVE-2025-1566
DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions...
CVE-2022-36447
An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the...
Mozilla Firefox < 57 Multiple Vulnerabilities
Binary data 700322.prm...
Mozilla: Use-after-free with image observers (MFSA 2017-19)
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...
openSUSE Security Update : MozillaFirefox (openSUSE-2017-921)
This update to Mozilla Firefox 52.3esr fixes a number of security issues. The following vulnerabilities were advised upstream under MFSA 2017-19 boo1052829 : - CVE-2017-7798: XUL injection in the style editor in devtools - CVE-2017-7800: Use-after-free in WebSockets during disconnection -...
[SECURITY] Fedora 23 Update: rubygem-activemodel-4.2.3-2.fc23
Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework...
[SECURITY] Fedora 22 Update: rubygem-activemodel-4.2.0-2.fc22
Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework...
Microsoft Internet Explorer Mutation Observer Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
CVE-2014-1380
The Security - Keychain component in Apple OS X before 10.9.4 does not properly implement keystroke observers, which allows physically proximate attackers to bypass the screen-lock protection mechanism, and enter characters into an arbitrary window under the lock window, via keyboard input...
Input validation
The Security - Keychain component in Apple OS X before 10.9.4 does not properly implement keystroke observers, which allows physically proximate attackers to bypass the screen-lock protection mechanism, and enter characters into an arbitrary window under the lock window, via keyboard input...
[SECURITY] Fedora 17 Update: rubygem-activemodel-3.0.11-3.fc17
Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework...
[SECURITY] Fedora 18 Update: rubygem-activemodel-3.2.8-2.fc18
Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework...