CVE-2025-41718
CVE-2025-41718 is a Murrelektronik issue affecting firmware (e.g., Impact67 Pro 54630) where credentials are transmitted in clear text. The root cause is unencrypted credential transmission, allowing an unauthenticated remote attacker to obtain login credentials and gain Web UI access. The CVSSv3...
CVE-2025-41718 Murrelektronik: Unprotected Transport of Credentials
A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI...
EUVD-2025-34145
A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI...
CVE-2025-60536
The CVE-2025-60536 entry affects kafka-ui, specifically the Configure New Cluster interface in versions v0.6.0 through v0.7.2. The issue allows an attacker to trigger a Denial of Service by uploading a crafted configuration file. The available connected documents confirm the affected product/vers...
KLA89279 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, spoof the user interface, cause denial of service, gain privileges, and execute arbitrary code. Below is a complete list of...
KLA89272 SUI vulnerability in Microsoft SQL Server
A spoofing vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to spoof the user interface and bypass security restrictions. Original advisories: CVE-2025-59250. Related products: Microsoft-SQL-Server. CVE list: CVE-2025-59250 (critical). Solution: Install necessary...
KLA89275 SUI vulnerability in Microsoft Open Source Software
A spoofing vulnerability was found in Microsoft Open Source Software. Malicious users can exploit this vulnerability to spoof the user interface. Original advisories: CVE-2025-59288. CVE list: CVE-2025-59288 (high). Solution: Install necessary updates from the KB section, that are listed in your Windows...
PT-2025-41860
Name of the Vulnerable Software and Affected Versions: Affected versions not specified. Description: A cleartext transmission of sensitive information allows an unauthorized remote attacker to gain login credentials and access the Web-UI. The vulnerability is due to the absence of proper encryption ...
PT-2025-42165
Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data...
UI for Apache Kafka security vulnerability
UI for Apache Kafka is an open source front-end interface for Kafka by Provectus. A security vulnerability exists in UI for Apache Kafka versions v0.6.0 through v0.7.2, which stems from improper validation of inputs to the component /kafka/ui/serdes/CustomSerdeLoader.java, which could lead to the...
KLA89245 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions, perform cross-site scripting attacks, and spoof the user interface. Below is a complete...
CVE-2025-60537
Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data...
tracexec has `env` command argument injection via environment variables starting with dash in traced exec events
Impact: For tracexec's command line reconstruction feature, when a traced process executes another process with an environment variable where the key starts with a dash, tracexec incorrectly shows its command line where such environment variables could cause argument injection for the env command...
GHSA-6FGX-X7M2-74QM tracexec has `env` command argument injection via environment variables starting with dash in traced exec events
Impact: For tracexec's command line reconstruction feature, when a traced process executes another process with an environment variable where the key starts with a dash, tracexec incorrectly shows its command line where such environment variables could cause argument injection for the env command...
[SECURITY] Fedora 41 Update: podman-tui-1.9.0-1.fc41
podman-tui is a terminal user interface for Podman v4 and v5. podman-tui is using podman.socket service to communicate with podman environment and SSH to connect to remote podman machines...
[SECURITY] Fedora 42 Update: podman-tui-1.9.0-1.fc42
podman-tui is a terminal user interface for Podman v4 and v5. podman-tui is using podman.socket service to communicate with podman environment and SSH to connect to remote podman machines...
CVE-2025-21058
CVE-2025-21058 affects SAMSUNG Mobile Routines, with improper access control in Routines versions prior to 4.8.7.1 (Android 15) and 4.9.6.0 (Android 16). This allows local attackers to potentially execute arbitrary code with SystemUI privileges. The issue is confirmed across multiple sources (RH...
EUVD-2025-33581
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue...
CVE-2025-4614
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue...