1387 matches found
ex_webrtc 信任管理问题漏洞
exwebrtc is an open-source WebRTC library based on Elixir language, developed by Elixir WebRTC. Versions of exwebrtc prior to 0.15.1 and 0.16.1 contained a trust management vulnerability. This vulnerability stemmed from the lack of peer certificate fingerprint verification in the DTLS client role...
webkitgtk: A maliciously crafted webpage may be able to fingerprint the user
A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user...
webkitgtk: A maliciously crafted webpage may be able to fingerprint the user
A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user...
GHSA-QWFW-GGXW-577C ex_webrtc client-role handshake is missing DTLS peer fingerprint validation
Summary Missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with...
ex_webrtc client-role handshake is missing DTLS peer fingerprint validation
Summary Missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with...
PT-2026-39291
Name of the Vulnerable Software and Affected Versions Elixir WebRTC versions prior to 0.15.1 Elixir WebRTC versions prior to 0.16.1 Description Missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. When acting as th...
webkitgtk: A maliciously crafted webpage may be able to fingerprint the user
A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user...
7 Key Features That Make Secure Browsers Safer
Secure Browsers boost safety with tracking blocks, fingerprint protection, session control, and real-time threat defense against modern web attacks...
Malicious code in @internal-infra/core-sso-bridge (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
Malicious code in @enterprise-core/auth-gateway-bridge (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
Malicious code in react-native-parallax-scroll-view-updated (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
MAL-2026-3255 Malicious code in @enterprise-core/auth-gateway-bridge (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
Malicious code in internal-auth-provider (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
Malicious code in @omni-corp-infra/sso-bridge-core (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
MAL-2026-3254 Malicious code in @corp-infra/sso-gateway-core (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
MAL-2026-3256 Malicious code in @internal-infra/core-sso-bridge (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
MAL-2026-3260 Malicious code in google-storage-cloud (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
Malicious code in enterprise-auth-gateway-core (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
Malicious code in @corp-infra/sso-gateway-core (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
MAL-2026-3261 Malicious code in internal-auth-provider (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...