
25 matches found

Cvelist
added yesterday, 24 views

CVE-2026-56769 Huly Platform - Server-Side Request Forgery via /import Endpoint

Huly Platform through 0.7.423, fixed in commit 68cbf8a, contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arbitrary server requests. Attackers can exploit this by supplying malicious URLs to fetch internal...

8.5 CVSS
Exploits 0, References 4
Packet Storm
added 2026/04/29 12:0 a.m., 67 views

ESP-RFID-Tool V2 PRO Traversal / XSS / Bypass / Enumeration

ESP-RFID-Tool V2 PRO suffers from bypass, cross site request forgery, cross site scripting, information leakage, path traversal, and multiple other vulnerabilities. The vendor has seemingly taken a hostile approach to responding to these findings and is uncooperative. Security Advisory:...

5.1 AI score
Exploits 0
RedhatCVE
added 2026/04/01 5:3 p.m., 2 views

CVE-2026-34210

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new...

8.1 CVSS, 5.8 AI score, 0.00494 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/03/31 2:10 p.m., 2 views

CVE-2026-34210 mppx has Stripe charge credential replay via missing idempotency check

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new...

6 CVSS, 5.8 AI score, 0.00494 EPSS
Exploits 0, References 3
ATTACKERKB
added 2026/03/31 2:10 p.m., 4 views

CVE-2026-34210

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new...

6 CVSS, 5.8 AI score, 0.00494 EPSS
Exploits 0, References 4, Affected Software 1
OSV
added 2026/03/31 2:10 p.m., 4 views

CVE-2026-34210 mppx has Stripe charge credential replay via missing idempotency check

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new...

6 CVSS, 5.8 AI score, 0.00494 EPSS
Exploits 0, References 5
CNNVD
added 2026/03/31 12:0 a.m., 5 views

mppx Security Vulnerability

MPPX is a blockchain-based payment protocol SDK developed by Wevm. Versions of MPPX prior to 0.4.11 contained security vulnerabilities. These vulnerabilities stemmed from the stripe/charge payment method not checking Stripe’s Idempotent-Replayed response header, which could allow attackers to...

8.1 CVSS, 5.8 AI score, 0.00494 EPSS
Exploits 0, References 3
OSV
added 2026/03/29 3:11 p.m., 3 views

GHSA-8MHJ-RFFC-RCVW mppx has Stripe charge credential replay via missing idempotency check

Impact The stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new challenge, and the server would accept the replayed Stripe PaymentIntent as a ne...

6 CVSS, 5.9 AI score, 0.00494 EPSS
Exploits 0, References 6
Github Security Blog
added 2026/03/29 3:11 p.m., 3 views

mppx has Stripe charge credential replay via missing idempotency check

Impact The stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new challenge, and the server would accept the replayed Stripe PaymentIntent as a ne...

8.1 CVSS, 5.9 AI score, 0.00494 EPSS
Exploits 0, References 6, Affected Software 1
CVE
added 2026/03/06 4:55 a.m., 17 views

CVE-2026-28787

OneUptime CVE-2026-28787 affects versions 10.0.11 and earlier, where WebAuthn challenge data is not stored server-side. The server returns the generated challenge to the client and accepts the client-provided challenge during verification, violating WebAuthn and enabling replay of valid assertion...

9 CVSS, 6 AI score, 0.00276 EPSS
Exploits 1, References 1, Affected Software 1
Tenable Nessus
added 2025/12/18 12:0 a.m., 1 views

Mozilla Firefox < 3.0.16

The version of Firefox installed on the remote Windows host is prior to 3.0.16. It is, therefore, affected by a vulnerability as referenced in the mfsa2009-68 advisory. - Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticate...

6.8 CVSS, 8.6 AI score, 0.02202 EPSS
Exploits 0, References 3
Tenable Nessus
added 2025/12/18 12:0 a.m., 2 views

Mozilla Firefox < 3.5.6

The version of Firefox installed on the remote Windows host is prior to 3.5.6. It is, therefore, affected by a vulnerability as referenced in the mfsa2009-68 advisory. - Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated...

6.8 CVSS, 8.6 AI score, 0.02202 EPSS
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2004-1080

Malware in sbrugna...

7.5 CVSS, 6.4 AI score, 0.07583 EPSS
Exploits 0, References 6
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-13261

Malicious code in bioql PyPI...

8.2 CVSS, 6.5 AI score, 0.00145 EPSS
Exploits 1, References 3
Tenable Nessus
added 2021/02/10 12:0 a.m., 35 views

Squid 5.x < 5.0.2 Multiple Vulnerabilities

According to its self-reported version number, the version of Squid installed on the remote host is 5.x < 5.0.2 or prior to 4.11. It is, therefore, affected by multiple vulnerabilities: - Due to incorrect buffer handling Squid is vulnerable to cache poisoning, remote execution, and denial of servic...

9.8 CVSS, 8.8 AI score, 0.27246 EPSS
Exploits 0, References 5
Tenable Nessus
added 2021/02/10 12:0 a.m., 46 views

Squid < 4.11 Multiple Vulnerabilities

According to its self-reported version number, the version of Squid installed on the remote host is 5.x < 5.0.2 or prior to 4.11. It is, therefore, affected by multiple vulnerabilities: - Due to incorrect buffer handling Squid is vulnerable to cache poisoning, remote execution, and denial of servic...

9.8 CVSS, 8.8 AI score, 0.27246 EPSS
Exploits 0, References 5
OSV
added 2020/05/05 12:20 p.m., 8 views

MGASA-2020-0187 Updated squid packages fix security vulnerability

Updated squid packages fix security vulnerability: Due to an integer overflow bug Squid is vulnerable to credential replay and remote code execution attacks against HTTP Digest Authentication tokens. When memory pooling is used this problem allows a remote client to replay a sniffed Digest...

9.8 CVSS, 9.9 AI score, 0.27246 EPSS
Exploits 0, References 3
OSV
added 2020/03/16 10:46 p.m., 1 views

GHSA-PQ4W-QM9G-QX68 Insufficient Nonce Validation in Eclipse Milo Client

Impact Credential replay affecting those connected to a server when all 3 of the following conditions are met: - SecurityPolicy is None - using username/password or X509-based authentication - the server has a defect causing it to send null/empty or zeroed nonces Patches The problem has been...

7.4 CVSS, 5.8 AI score, 0.01043 EPSS
Exploits 0, References 5
Github Security Blog
added 2020/03/16 10:46 p.m., 104 views

Insufficient Nonce Validation in Eclipse Milo Client

Impact Credential replay affecting those connected to a server when all 3 of the following conditions are met: - SecurityPolicy is None - using username/password or X509-based authentication - the server has a defect causing it to send null/empty or zeroed nonces Patches The problem has been...

7.4 CVSS, 0.5 AI score, 0.01043 EPSS
Exploits 0, References 6, Affected Software 1
CNVD
added 2015/10/03 12:0 a.m., 1 views

Apple OS X Kerberos Authentication Credential Replay Vulnerability

Apple OS X is an operating system developed by Apple Inc. An authentication vulnerability exists in Apple OS X Kerberos credentials, which allows remote attackers to exploit the vulnerability to replay Kerberos to an SMB server...

6.8 CVSS, 6.9 AI score, 0.01827 EPSS
Exploits 0, References 1