org.opensearch.migrations.trafficcapture:trafficCaptureProxyServer (>=0.2.5.3 <=0.2.5.17) potentially affected by unknown CVE via org.opensearch.plugin:opensearch-security (=2.19.3.0)

org.opensearch.plugin:opensearch-security MAVEN version =2.19.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.opensearch.plugin:opensearch-security and may be impacted: - org.opensearch.migrations.trafficcapture:trafficCaptureProxyServer...

io.github.andrekurait.trafficcapture:dockerSolution (>=0.1.3 <=0.1.5), io.github.andrekurait.trafficcapture:trafficCaptureProxyServer (>=0.1.3 <=0.1.5) +6 more potentially affected by unknown CVE via org.opensearch.plugin:opensearch-security (>=2.11.1.0 <=2.19.3.0)

org.opensearch.plugin:opensearch-security MAVEN version =2.11.1.0, =0.1.3, =0.1.3, =0.1.3, =0.1.2, =0.1.2, =0.1.2, =0.1.0, =0.1.0, =0.2.3.10 Source cves: unknown CVE Source advisory: OSV:GHSA-X83W-23JP-G6PW...

GHSA-GV2F-Q4WP-FVH5 Duplicate Advisory: OpenClaw: CLI Remote Onboarding Persists Unauthenticated Discovery Endpoint and Exfiltrates Gateway Credentials

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-3cw3-5vxw-g2h3. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that...

CVE-2019-25651

Ubiquiti UniFi Network Controller prior to 5.10.12 excluding 5.6.42, UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weakness...

CVE-2020-7566

A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller...

com.digitalpebble.stormcrawler:storm-crawler-opensearch (=2.11), com.erudika:para-search-elasticsearch (>=1.41.1 <=1.41.3) +103 more potentially affected by CVE-2025-9624 via org.opensearch:opensearch-common (>=2.10.0 <=2.19.3)

org.opensearch:opensearch-common MAVEN version =2.10.0, =1.41.1, =1.0.0-TEST, =3.0.7, =0.1.3, =0.1.3, =0.1.3, =0.1.2, =0.1.2, =0.1.2, =1.2.3, =1.2.3, =1.2.3, =4.0.0.0, =4.0.5.2 and more Source cves: CVE-2025-9624 Source advisory: OSV:GHSA-MW3V-MMFW-3X2Ghttps://vulners.com/o...

EUVD-2020-28690

Malware in sbrugna...

EUVD-2007-4146

Malware in sbrugna...

EUVD-2021-20221

Malware in sbrugna...

EUVD-2015-5642

Malware in sbrugna...

EUVD-2025-8625

Malicious code in bioql PyPI...

EUVD-2024-35266

Malicious code in bioql PyPI...

CVE-2025-8448

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products...

io.github.andrekurait.trafficcapture:dockerSolution (>=0.1.3 <=0.1.5), io.github.andrekurait.trafficcapture:trafficCaptureProxyServer (>=0.1.3 <=0.1.5) +6 more potentially affected by unknown CVE via org.opensearch.plugin:opensearch-security (=2.11.1.0)

org.opensearch.plugin:opensearch-security MAVEN version =2.11.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.opensearch.plugin:opensearch-security and may be impacted: - io.github.andrekurait.trafficcapture:dockerSolution =0.1.3, =0.1.3, =0.1....

io.github.andrekurait.trafficcapture:dockerSolution (>=0.1.3 <=0.1.5), io.github.andrekurait.trafficcapture:trafficCaptureProxyServer (>=0.1.3 <=0.1.5) +6 more potentially affected by unknown CVE via org.opensearch.plugin:opensearch-security (=2.11.1.0)

org.opensearch.plugin:opensearch-security MAVEN version =2.11.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.opensearch.plugin:opensearch-security and may be impacted: - io.github.andrekurait.trafficcapture:dockerSolution =0.1.3, =0.1.3, =0.1....

Exploit for Use of Uninitialized Resource in Samba Rsync

CVE-2024-12085 Infoleak exploit Note, this exploit is not ver...

CVE-2024-35294

An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials...

CVE-2021-3882

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection HTTP, an attacker may be able to obtain the authentication data by capturing network...

HoneyWin: High-Interaction Windows Honeypot in Enterprise Environment

Windows operating systems OS are ubiquitous in enterprise Information Technology IT and operational technology OT environments. Due to their widespread adoption and known vulnerabilities, they are often the primary targets of malware and ransomware attacks. With 93% of the ransomware targeting...

CVE-2025-2859

An attacker with network access, could capture traffic and obtain user cookies, allowing the attacker to steal the active user session and make changes to the device via web, depending on the privileges obtained by the user...