10 matches found
CVE-2026-24933
The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to intercept the cleartext communication,...
CVE-2026-24932
The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...
CVE-2026-24934 An improper certificate validation vulnerability was found in ADM while querying an external server for the device's WAN IP address.
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...
EUVD-2026-5285
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...
CVE-2026-24932 An improper certificate validation vulnerability was found in ADM while updating the DDNS settings.
The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...
Joomla core 3.0.0-3.10.15-elts,4.0.0-4.4.5,5.0.0-5.1.1 - Unauthenticated XSS in StringHelper::truncate method vulnerability
Unauthenticated XSS in StringHelper::truncate method vulnerability discovered by ? in WordPress Core Joomla versions 3.0.0-3.10.15-elts,4.0.0-4.4.5,5.0.0-5.1.1...
[20240702] - Core - Self-XSS in fancyselect list field layout
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector...
PT-2023-15710 · Google · Widevine Trusted Application
Name of the Vulnerable Software and Affected Versions: Widevine Trusted Application TA versions 5.0.0 through 5.1.1 Description: The issue is related to an integer overflow and resultant buffer overflow in the drm save keys feature, specifically with the feature name len. Recommendations: For...
Widevine 输入验证错误漏洞
Widevine is a proprietary digital rights management DRM system from Widevine, Inc. An input validation error vulnerability exists in Widevine Trusted Application versions 5.0.0 through 5.1.1, which stems from the presence of an integer overflow issue that results in a buffer overflow...
CVE-2017-14395
Auth 2.0 Authorization Server of ForgeRock Access Management OpenAM 13.5.0-13.5.1 and Access Management AM 5.0.0-5.1.1 does not correctly validate redirecturi for some invalid requests, which allows attackers to execute a script in the user's browser via reflected XSS...