Heptabase
Monthly
Unauthorized camera and microphone access in Heptabase by Hepta Platforms is achievable by unauthenticated remote attackers who social-engineer a victim into opening a malicious webpage inside the application, exploiting an exposed dangerous method (CWE-749) that bypasses normal permission gating. The attack yields high confidentiality impact - real-time audio and video capture - with no privileges required on the attacker's side, constrained only by the need for active victim interaction. No public exploit code has been identified and the vulnerability is not listed in CISA KEV at time of analysis, though the surveillance-class outcome makes it attractive for targeted campaigns.
Unauthorized camera and microphone access in Heptabase by Hepta Platforms is achievable by unauthenticated remote attackers who social-engineer a victim into opening a malicious webpage inside the application, exploiting an exposed dangerous method (CWE-749) that bypasses normal permission gating. The attack yields high confidentiality impact - real-time audio and video capture - with no privileges required on the attacker's side, constrained only by the need for active victim interaction. No public exploit code has been identified and the vulnerability is not listed in CISA KEV at time of analysis, though the surveillance-class outcome makes it attractive for targeted campaigns.