10 matches found
CVE-2026-33569
Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device...
EUVD-2026-11685
Undici has an HTTP Request/Response Smuggling issue...
BIT-NGINX-GATEWAY-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...
Linux Distros Unpatched Vulnerability : CVE-2020-24661
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates, e.g., self-signed certificate...
USN-7104-1 curl vulnerability
It was discovered that curl could overwrite the HSTS expiry of the parent domain with the subdomain's HSTS entry. This could lead to curl switching back to insecure HTTP earlier than otherwise intended, resulting in information exposure...
PT-2022-23374 · Obsidian · Obsidian
Name of the Vulnerable Software and Affected Versions: Obsidian versions 0.14.x through 0.15.4. Description: The issue allows remote code execution due to the use of window.open without checking the URL, specifically with the obsidian://hook-get-address protocol. This can lead to unauthorized code...
Rewards can be migrated to an arbitrary address at anytime by owner
Handle: 0xRajeev. Vulnerability details. Impact: The migrateRewards function which is onlyOwner takes recipient and amount parameters, which effectively allows owner to migrate the contract’s entire rewardToken balance at any time to that address. While the stated purpose is that this “Allows to...
PT-2015-3369 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: FortiOS version 5.0 Patch 7 build 4457. Description: The CAPWAP DTLS protocol implementation in FortiOS uses the same certificate and private key across different customers' installations. However, according to FG-IR-15-002, the Fortinet Facto...
tomcat5 SSO cookie login information disclosure
The SingleSignOn Valve org.apache.catalina.authenticator.SingleSignOn in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
ROS-2-2149
2.2149 Vulnerability in Mozilla Thunderbird email client: CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970: Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...