Lucene search
K

1387 matches found

CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

ex_webrtc 信任管理问题漏洞

exwebrtc is an open-source WebRTC library based on Elixir language, developed by Elixir WebRTC. Versions of exwebrtc prior to 0.15.1 and 0.16.1 contained a trust management vulnerability. This vulnerability stemmed from the lack of peer certificate fingerprint verification in the DTLS client role...

8.7CVSS5.8AI score0.00255EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/13 2:3 a.m.15 views

webkitgtk: A maliciously crafted webpage may be able to fingerprint the user

A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/11 6:45 p.m.10 views

webkitgtk: A maliciously crafted webpage may be able to fingerprint the user

A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References5
OSV
OSV
added 2026/05/08 5:8 p.m.71 views

GHSA-QWFW-GGXW-577C ex_webrtc client-role handshake is missing DTLS peer fingerprint validation

Summary Missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with...

8.7CVSS6AI score0.00255EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/05/08 5:8 p.m.10 views

ex_webrtc client-role handshake is missing DTLS peer fingerprint validation

Summary Missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with...

8.7CVSS6AI score0.00255EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.14 views

PT-2026-39291

Name of the Vulnerable Software and Affected Versions Elixir WebRTC versions prior to 0.15.1 Elixir WebRTC versions prior to 0.16.1 Description Missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. When acting as th...

8.7CVSS5.9AI score0.00255EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/05/07 6:1 a.m.11 views

webkitgtk: A maliciously crafted webpage may be able to fingerprint the user

A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References5
HackRead
HackRead
added 2026/05/04 9:48 a.m.20 views

7 Key Features That Make Secure Browsers Safer

Secure Browsers boost safety with tracking blocks, fingerprint protection, session control, and real-time threat defense against modern web attacks...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/29 2:0 p.m.8 views

Malicious code in @internal-infra/core-sso-bridge (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/29 2:0 p.m.8 views

Malicious code in @enterprise-core/auth-gateway-bridge (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/29 2:0 p.m.12 views

Malicious code in react-native-parallax-scroll-view-updated (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/04/29 2:0 p.m.6 views

MAL-2026-3255 Malicious code in @enterprise-core/auth-gateway-bridge (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/29 2:0 p.m.8 views

Malicious code in internal-auth-provider (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/29 2:0 p.m.7 views

Malicious code in @omni-corp-infra/sso-bridge-core (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/04/29 2:0 p.m.7 views

MAL-2026-3254 Malicious code in @corp-infra/sso-gateway-core (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/04/29 2:0 p.m.6 views

MAL-2026-3256 Malicious code in @internal-infra/core-sso-bridge (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/04/29 2:0 p.m.7 views

MAL-2026-3260 Malicious code in google-storage-cloud (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/29 2:0 p.m.11 views

Malicious code in enterprise-auth-gateway-core (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/29 2:0 p.m.7 views

Malicious code in @corp-infra/sso-gateway-core (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/04/29 2:0 p.m.9 views

MAL-2026-3261 Malicious code in internal-auth-provider (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

5.9AI score
Exploits0References1
Rows per page
Query Builder