12 matches found
CVE-2026-8890 code100x Mobile API Authentication Bypass via Header Spoofing
code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...
EUVD-2026-31953
code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...
CVE-2025-65945 auth0/node-jws improper HMAC signature verification vulnerability
auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the...
Improper Verification of Cryptographic Signature
Overview jws is an Implementation of JSON Web Signatures Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the createVerify function when using HS256 HMAC algorithms and incorporating user-provided data from the JSON Web Signature Protected...
IoT-AMLHP: Aligned Multimodal Learning of Header-Payload Representations for Resource-Efficient Malicious IoT Traffic Classification
Traffic classification is crucial for securing Internet of Things IoT networks. Deep learning-based methods can autonomously extract latent patterns from massive network traffic, demonstrating significant potential for IoT traffic classification tasks. However, the limited computational and spati...
CVE-2025-21442
Memory corruption while transmitting packet mapping information with invalid header payload size...
PT-2025-15215 · Qualcomm · Snapdragon +22
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue involves memory corruption that occurs when transmitting packet mapping information with an invalid header payload size. Recommendations: At the moment, there is no information abo...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Nmap Log4Shell NSE script for discovery Apache Log4j RCE CVE-...
JEESNS 跨站脚本漏洞
JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited to execute arbitrary Web script or HTML via a specially crafted payload in the header...
WayangCMS Cross-Site Scripting Vulnerability
WayangCMS is a software application. A website CMS. WayangCMS suffers from a cross-site scripting vulnerability that originates from a cross-site scripting XSS vulnerability in index.php of WayangCMS v1.0. An attacker can exploit the vulnerability to execute arbitrary web script or HTML by adding...
WayangCMS 跨站脚本漏洞
WayangCMS is a software application. A website CMS. WayangCMS suffers from a cross-site scripting vulnerability that originates from a cross-site scripting XSS vulnerability in index.php of WayangCMS v1.0. An attacker can exploit the vulnerability to execute arbitrary web script or HTML by adding...
Useragent Denial of Service Vulnerability
Useragent is a user agent parser that parses user agent strings by matching browsers with specialized regular expressions. A security vulnerability exists in Useragent 2.1.12 and earlier versions, which stems from the program's use of regular expressions to parse user agent packet headers. The...