54 matches found
CVE-2025-44016 File Hash Validation Bypass in NomadBranch.exe
A vulnerability in TeamViewer DEX Client (formerly 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 25.11 for Windows allows malicious actors to bypass file integrity validation via a crafted request. By providing a valid hash for a malicious file, an attacker can cause the...
CVE-2025-44016
CVE-2025-44016 – TeamViewer DEX Client (NomadBranch.exe) affects TeamViewer DEX Client Content Distribution Service on Windows prior to 25.11. A crafted request can bypass file integrity validation by supplying a valid hash for a malicious file, causing Nomad Branch to treat the file as trusted a...
EUVD-2021-21754
Malware in sbrugna...
EUVD-2025-5296
Malicious code in bioql PyPI...
PT-2025-40013
Name of the Vulnerable Software and Affected Versions: NiceHash QuickMiner version 6.12.0. Description: The software updates are performed over HTTP without validating digital signatures or hash checks. An attacker intercepting or redirecting traffic to the update URL can hijack the update process a...
MAL-2025-47521 Malicious code in sha256-validation-nextjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3290610bb31bf5689be7241b664ae5eb52b47b834fff3e2597c5ab75d88c4bec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2020-15262
In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-lev...
CVE-2025-32784
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race condition vulnerability has been identified in the conda-forge-webservices component used within the shared build infrastructure. This vulnerability, categorized a...
CVE-2025-32784 conda-forge-webservices has an Unauthorized Artifact Modification Race Condition
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race condition vulnerability has been identified in the conda-forge-webservices component used within the shared build infrastructure. This vulnerability, categorized a...
CVE-2025-20161 Cisco NX-OS Software Command Injection Vulnerability
A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating...
CVE-2025-20161
CVE-2025-20161 affects Cisco Nexus 3000/9000 NX-OS in standalone mode. A crafted software image can bypass validation and allow an authenticated local attacker with Administrator credentials to run arbitrary commands as root via a command-injection in the upgrade process. Root cause: insufficient...
PT-2025-8735 · Cisco · Cisco Nexus 3000 Series Switches +2
Name of the Vulnerable Software and Affected Versions: Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode (affected versions not specified). Description: The issue is related to insufficient validation of specific elements within a software image in the...
Cisco Nexus 3000 9000 Series Switches Comm Injection (cisco-sa-nxos-ici-dpOjbWxk)
According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. - A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid...
BIT-PHP-MIN-2023-0567 password_verify() always returns true for some invalid hashes
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the password_verify() function may accept some invalid Blowfish hashes as valid. If such an invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...
Gitsign Security Vulnerability
Gitsign is a tool by the Gitsign developers for keyless signing of Git commits. A security vulnerability exists in Gitsign because there is no additional validation to ensure that the hash of an entry matches the payload being validated...
CVE-2024-20478 Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leadi...
CVE-2024-20478
Cisco APIC and Cisco Cloud Network Controller (formerly Cloud APIC) are affected by a vulnerability in the software upgrade component where insufficient signature validation of upgrade images could allow an authenticated administrator to install a modified image and achieve arbitrary code executi...