117 matches found
CVE-2026-40557 Apache Storm Prometheus Reporter: Disabling TLS verification for Prometheus Reporter also disables it for all other connections
Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter. Versions Affected: from 2.6.3 to 2.8.6. Description: In production deployments where an administrator enables storm.daemon.metrics.reporter.plugin.prometheus.skiptlsvalidation by default it is...
PT-2026-5864
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak System, affected versions not specified. Description: The software does not set the secure attribute on authorization tokens or session cookies. This could allow attackers to obtain cookie values by sending an insecure HTTP link to ...
CVE-2024-41768
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state...
Tenda N300 Security Vulnerability
The Tenda N300 is a router from China-based Tenda. A security vulnerability exists in the Tenda N300 that stems from the lack of the HTTPOnly flag in the session cookie associated with the web-based management interface, which could allow a remote attacker to gain unauthorized access by capturing...
PT-2026-28363
Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.4.3. Description: Dovecot OTP authentication is susceptible to a replay attack under certain conditions. Specifically, if the authentication cache is enabled and a username is modified within the passdb, OTP credentia...
CVE-2025-11695
CVE-2025-11695 affects the MongoDB Rust Driver prior to v3.2.5. The root cause is that using tlsInsecure=False in a connection string disables certificate validation, enabling potential man-in-the-middle attacks over the network. The vulnerability is characterized with HIGH severity (CVSS metrics...
EUVD-2020-7065
Malware in sbrugna...
EUVD-2019-13275
Malware in sbrugna...
EUVD-2011-3319
Malware in sbrugna...
EUVD-2005-4698
Malware in sbrugna...
EUVD-2011-4334
Malware in sbrugna...
EUVD-2022-6846
Malicious code in bioql PyPI...
EUVD-2023-34946
Malicious code in bioql PyPI...
EUVD-2024-38905
Malicious code in bioql PyPI...
EUVD-2025-20485
Malicious code in bioql PyPI...
EUVD-2024-2592
Malicious code in bioql PyPI...
CVE-2025-30199
ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station...
CVE-2025-30199 ECOVACS Vacuum and Base Station accept unsigned firmware
ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station...
CVE-2025-30199
ECOVACS vacuum robot base stations are described as not validating firmware updates and operating over an insecure Wi‑Fi link with a deterministic WPA2‑PSK key that can be derived from the device serial number. This enables potential malicious over‑the‑air updates or code execution through the up...