Lucene search

12 matches found

Vulnrichment
added 2026/05/26 6:23 p.m. · 12 views

CVE-2026-8890 code100x Mobile API Authentication Bypass via Header Spoofing

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...

8.8 CVSS · 5.9 AI score · 0.0049 EPSS
Exploits 0 · References 5
EUVD
added 2026/05/26 6:23 p.m. · 16 views

EUVD-2026-31953

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...

8.8 CVSS · 5.9 AI score · 0.0049 EPSS
Exploits 0 · References 5
Vulnrichment
added 2025/12/04 6:45 p.m. · 2 views

CVE-2025-65945 auth0/node-jws improper HMAC signature verification vulnerability

auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the...

7.5 CVSS · 6.2 AI score · 0.002 EPSS
Exploits 1 · References 2
Snyk
added 2025/12/04 4:54 p.m. · 5 views

Improper Verification of Cryptographic Signature

Overview: jws is an implementation of JSON Web Signatures. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the createVerify function when using HS256 HMAC algorithms and incorporating user-provided data from the JSON Web Signature Protected...

8.2 CVSS · 6.9 AI score · 0.002 EPSS
Exploits 1 · References 2
Packet Storm News
added 2025/04/20 12:0 a.m. · 7 views

IoT-AMLHP: Aligned Multimodal Learning of Header-Payload Representations for Resource-Efficient Malicious IoT Traffic Classification

Traffic classification is crucial for securing Internet of Things (IoT) networks. Deep learning-based methods can autonomously extract latent patterns from massive network traffic, demonstrating significant potential for IoT traffic classification tasks. However, the limited computational and spati...

6.8 AI score
Exploits 0
NVD
added 2025/04/07 11:15 a.m. · 15 views

CVE-2025-21442

Memory corruption while transmitting packet mapping information with invalid header payload size...

7.8 CVSS · 0.00093 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/04/07 12:0 a.m. · 6 views

PT-2025-15215 · Qualcomm · Snapdragon +22

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue involves memory corruption that occurs when transmitting packet mapping information with an invalid header payload size. Recommendations: At the moment, there is no information abo...

7.8 CVSS · 6.4 AI score · 0.00093 EPSS
Exploits 0 · References 8
GithubExploit
added 2021/12/13 8:17 p.m. · 39 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Nmap Log4Shell NSE script for discovery Apache Log4j RCE CVE-...

10 CVSS · 8.2 AI score · 0.99999 EPSS
Exploits 350
CNNVD
added 2021/09/09 12:0 a.m. · 6 views

JEESNS Cross-Site Scripting Vulnerability

JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited to execute arbitrary Web script or HTML via a specially crafted payload in the header...

5.4 CVSS · 6 AI score · 0.00687 EPSS
Exploits 1 · References 3
CNVD
added 2021/07/15 12:0 a.m. · 4 views

WayangCMS Cross-Site Scripting Vulnerability

WayangCMS is a website CMS application. WayangCMS suffers from a cross-site scripting (XSS) vulnerability that originates in index.php of WayangCMS v1.0. An attacker can exploit the vulnerability to execute arbitrary web script or HTML by adding...

6.1 CVSS · 5.7 AI score · 0.00662 EPSS
Exploits 1 · References 1
CNNVD
added 2021/07/14 12:0 a.m. · 6 views

WayangCMS Cross-Site Scripting Vulnerability

WayangCMS is a website CMS application. WayangCMS suffers from a cross-site scripting (XSS) vulnerability that originates in index.php of WayangCMS v1.0. An attacker can exploit the vulnerability to execute arbitrary web script or HTML by adding...

6.1 CVSS · 5.7 AI score · 0.00662 EPSS
Exploits 1 · References 1
CNVD
added 2018/06/15 12:0 a.m. · 6 views

Useragent Denial of Service Vulnerability

Useragent is a user agent parser that parses user agent strings by matching browsers with specialized regular expressions. A security vulnerability exists in Useragent 2.1.12 and earlier versions, which stems from the program's use of regular expressions to parse user agent packet headers. The...

7.5 CVSS · 7.4 AI score · 0.01162 EPSS
Exploits 1 · References 1