MAL-2026-5386 Malicious code in @0xlr/prisma-client-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b993c29d90c2ecfffaa9ed55b99c38e5351052e619b79ad2a385d6c72376f0f4 On npm install, postinstall.js enumerates all of process.env, collects hostname, username, homedir, cwd, argv, platform/arch/release, memory and CPU...

Apache ZooKeeper: Apache ZooKeeper: Impersonation of servers or clients via reverse DNS spoofing

A flaw was found in Apache ZooKeeper. The ZKTrustManager component's hostname verification process can fall back to reverse DNS PTR lookup when IP Subject Alternative Name SAN validation fails. This vulnerability allows an attacker who can control or spoof PTR records to impersonate ZooKeeper...

SUSE CVE-2026-34873

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...

CVE-2026-34873

A flaw was found in Mbed TLS. This vulnerability allows a remote attacker to impersonate a client during the resumption of a TLS 1.3 session. This could lead to unauthorized access or other security breaches by allowing the attacker to act as a legitimate client. Mitigation Mitigation for this...

EUVD-2026-18064

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...

CVE-2026-34873

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...

DEBIAN-CVE-2026-34873

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...

CVE-2026-34873

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...

UBUNTU-CVE-2026-34873

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Overview Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' in the TLS 1.3 session resumption logic if the subsequent ClientHello negotiates TLS 1.2 back. An attacker can gain unauthorized access by impersonating a...

CVE-2026-34873

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...

CVE-2026-34873

Summary: CVE-2026-34873 affects Mbed TLS 3.5.0–4.0.0, enabling client impersonation during TLS 1.3 session resumption. Impact (per CVE): Confidentiality and integrity may be affected (CRITICAL/9.1 CVSS). Root cause (as described): vulnerability arises during TLS 1.3 session resumption with the Mb...

Mbed TLS 安全漏洞

Mbed TLS is an open-source, portable, easy-to-use, readable, and flexible SSL library developed by Mbed. Versions of Mbed TLS from 3.5.0 to 4.0.0 contain security vulnerabilities, which stem from the potential for client impersonation when restoring TLS 1.3 sessions...

PT-2026-29611

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...

CVE-2026-34873

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...

CVE-2026-34873

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation through the RDNsMatch LDAP DN matching function in the internal/ldap component. An attacker can impersonate a trusted client and gain unauthorized access by presenting a certificate with a different set o...

EUVD-2015-2411

Malware in sbrugna...

EUVD-2010-3997

Malware in sbrugna...

Comprehensive MCP Security Checklist: Protecting Your AI-Powered Infrastructure

With innovation comes risk. As organizations race to build AI-first infrastructure, security is struggling to keep pace. Multi-Agentic Systems – those built on Large Language Models LLMs and Multi-Component Protocols MCP - bring immense potential, but also novel vulnerabilities that traditional...