Lucene search

26 matches found

OSV
added 2026/06/10 7:33 p.m. · 6 views

GHSA-QVV5-JQ5G-4CGG Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload

Impact Any baileys session under the latest version false in socket config. There are no workarounds for the app state sync jamming...

CVSS 9.3 · AI score 5.4 · EPSS 0.00018
Exploits 0 · References 3
Tenable Nessus
added 2026/01/16 12:0 a.m. · 5 views

MiracleLinux 7 : gnupg2-2.0.22-5.el7 (AXSA:2018-3256:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-3256:01 advisory. gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification CVE-2018-12020 Tenable has...

CVSS 7.5 · AI score 7.2 · EPSS 0.08654
Exploits 0 · References 2
Veracode
added 2025/12/13 4:19 a.m. · 5 views

Phishing Attack

Keycloak is vulnerable to a phishing attack. The vulnerability is due to unsanitized user-controlled input in the errordescription query parameter being rendered directly in trusted error pages, which allows an attacker to craft misleading URLs that display fake messages, links, or contact detail...

CVSS 4.3 · AI score 6.9 · EPSS 0.00291
Exploits 0 · References 12 · Affected Software 2
Malwarebytes
added 2025/10/02 8:50 a.m. · 5 views

Sendit tricked kids, harvested their data, and faked messages, FTC claims

The Federal Trade Commission (FTC) has sued Sendit’s parent company, saying it signed up children under 13, collected their personal data, and misled them with fake messages and recurring bills. The lawsuit, filed against the app's owner Iconic Hearts Holdings Inc and CEO Hunter Rice, alleges the...

AI score 6.4
Exploits 0
RustSec
added 2024/05/22 12:0 p.m. · 10 views

Refs and paths with reserved Windows device names access the devices

Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...

CVSS 5.4 · AI score 7.1 · EPSS 0.00448
Exploits 0 · Affected Software 1
BDU FSTEC
added 2024/04/06 12:0 a.m. · 7 views

The vulnerability in the software implementation of the SAML protocol simplesamlphp/saml2 and the XML document security processing programs simplesamlphp/xml-security, related to insufficient verification of data authenticity, allows a perpetrator to create false SAML messages.

The vulnerability of the SAML protocol implementation in simplesamlphp/saml2 and the XML document security processing in simplesamlphp/xml-security is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a malicious actor to create a fake SAML message...

CVSS 6.8 · AI score 6.8 · EPSS 0.00193
Exploits 1 · References 4 · Affected Software 2
NVD
added 2023/10/25 6:17 p.m. · 18 views

CVE-2023-45851

The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI devi...

CVSS 8.8 · AI score 8.5 · EPSS 0.00447
Exploits 0 · References 1
Prion
added 2023/10/25 6:17 p.m. · 21 views

Authentication flaw

The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI devi...

CVSS 5.8 · AI score 8.3 · EPSS 0.00447
Exploits 0 · References 1
Cvelist
added 2023/10/25 2:18 p.m. · 17 views

CVE-2023-45851

The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI devi...

CVSS 8.8 · AI score 8.6 · EPSS 0.00447
Exploits 0 · References 1
Positive Technologies
added 2023/10/25 12:0 a.m. · 6 views

PT-2023-29731 · Google · Android Client

Name of the Vulnerable Software and Affected Versions: Android Client (affected versions not specified). Description: The issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker. This enables the attacker to send fake messages to the HMI device, as the...

CVSS 8.8 · AI score 8.5 · EPSS 0.00447
Exploits 0 · References 2
CNNVD
added 2023/10/25 12:0 a.m. · 12 views

Bosch ctrlX HMI Web Panel WR21 Access Control Error Vulnerability

Bosch ctrlX HMI Web Panel WR21 is an HMI panel from Bosch Germany. A security vulnerability exists in the ctrlX HMI Web Panel WR21 version, which originates from a vulnerability that allows an attacker to force an Android Agent application to connect to a malicious MQTT proxy and send a fake...

CVSS 8.8 · AI score 6.7 · EPSS 0.00447
Exploits 0 · References 2
Tenable Nessus
added 2023/07/18 12:0 a.m. · 31 views

EulerOS 2.0 SP10 : git (EulerOS-SA-2023-2354)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by...

CVSS 7.8 · AI score 7.1 · EPSS 0.52164
Exploits 2 · References 4
Tenable Nessus
added 2023/07/09 12:0 a.m. · 26 views

EulerOS 2.0 SP9 : git (EulerOS-SA-2023-2332)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by...

CVSS 7.8 · AI score 7.1 · EPSS 0.52164
Exploits 2 · References 4
Tenable Nessus
added 2023/04/27 12:0 a.m. · 24 views

SUSE SLED15: git / git-arch / git-core / git-credential-gnome-keyring / etc (SUSE-SU-2023:2038-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2038-1 advisory. - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree bsc1210686. -...

CVSS 7.8 · AI score 6.9 · EPSS 0.52164
Exploits 2 · References 8
OSV
added 2023/04/25 8:15 p.m. · 2 views

DEBIAN-CVE-2023-25815

In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext function's implicit initialization no...

CVSS 2.2 · AI score 6.3 · EPSS 0.01055
Exploits 0 · References 1
OSV
added 2023/04/25 8:15 p.m. · 2 views

ALPINE-CVE-2023-25815

In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext function's implicit initialization no...

CVSS 2.2 · AI score 6.3 · EPSS 0.01055
Exploits 0 · References 1
Debian CVE
added 2023/04/25 7:51 p.m. · 41 views

CVE-2023-25815

In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext function's implicit initialization no...

CVSS 3.3 · AI score 4.2 · EPSS 0.01055
Exploits 0
Veracode
added 2022/09/29 6:47 a.m. · 30 views

Spoofing Attack

matrix-js-sdk is vulnerable to spoofing attacks. The vulnerability exists due to a lack of sanitization of the secret key sent during self-verification, allowing an attacker to send fake to-device messages appearing to originate from another user...

CVSS 8.6 · AI score 7.8 · EPSS 0.00865
Exploits 0 · References 5 · Affected Software 5
Prion
added 2022/09/28 8:15 p.m. · 22 views

Design/Logic Flaw

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

CVSS 5 · AI score 7.5 · EPSS 0.0072
Exploits 0 · References 4 · Affected Software 1
The Hacker News
added 2022/08/05 10:24 a.m. · 42 views

Emergency Alert System Flaws Could Let Attackers Transmit Fake Messages

The U.S. Department of Homeland Security (DHS) has warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. If left unpatched, the issues could allow an adversary to issue fraudulent emergency alerts over TV, radio, and cable networks. The August 1 advisory...

AI score 0.1
Exploits 0