CVE-2026-45574 epa4all-client: TLS Certificate Validation Disabled in Production

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient...

EUVD-2015-5781

Malware in sbrugna...

COROS PACE 3 安全漏洞

COROS PACE 3 is a GPS sports watch from COROS China. A security vulnerability exists in COROS PACE 3 3.0808.0 and earlier versions, which originates from unencrypted WLAN communication and could lead to a man-in-the-middle attack...

nodejs: integrity checks according to policies can be circumvented

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check...

EZZY APP Android version of the deposit function module has a payment design loophole

EZZY APP is a car intelligent sharing platform APP created by Beijing Daimeng Technology Co. The Android version of EZZY APP has a vulnerability in the amount payment design. After logging into the system, an attacker can arbitrarily modify the size of the payment amount by clicking on the paymen...

CVE-2016-1672

The ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vector...

TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)

A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...

CVE-2015-5835

Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme...

Design/Logic Flaw

Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme...

CVE-2015-5835

Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme...

CVE-2015-5835

CVE-2015-5835 corresponds to an inter-app communication interception vulnerability in Apple iOS prior to 9.0, enabling a crafted app to obtain sensitive information by abusing URL scheme handling. The issue is described as a local/inter-app access risk where a malicious app could intercept URL sc...