60 matches found
netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation
A flaw was found in Netty's DnsResolveContext. This vulnerability allows a remote attacker to achieve information disclosure or data manipulation by crafting malicious DNS responses. The flaw occurs because the DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS...
CVE-2026-13223
Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...
Important: Red Hat Security Advisory: tomcat security update
An update for tomcat is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
FreeBSD : FreeBSD -- Insufficient response validation in the ldns stub resolver (fc0c7763-6477-11f1-958d-bc241121aa0a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fc0c7763-6477-11f1-958d-bc241121aa0a advisory. When used as a stub resolver over UDP, ldns failed to verify that a received response belonged to the...
tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation
A flaw was found in Apache Tomcat. When an Online Certificate Status Protocol OCSP responder is used, the Tomcat Native component, and Tomcat's FFM port of the Tomcat Native code, does not properly verify or check the freshness of the OCSP response. This improper input validation vulnerability...
CVE-2026-7009
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it fails to detect OCSP problems and instead wrongly consider the response as fine...
CVE-2026-43047
In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Check to ensure report responses match the request It is possible for a malicious or clumsy device to respond to a specific report's feature request using a completely different report ID. This can cause confusio...
DEBIAN-CVE-2026-32144
Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in publickey:pkixocspvalidate/5 does not verify that a CA-designated responder certificate...
tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation
A flaw was found in Apache Tomcat. When an Online Certificate Status Protocol OCSP responder is used, the Tomcat Native component, and Tomcat's FFM port of the Tomcat Native code, does not properly verify or check the freshness of the OCSP response. This improper input validation vulnerability...
Apache Druid Authentication Bypass Vulnerability
Apache Druid is the United States Apache Apache Foundation of a use of the Java language , written in column-oriented open source distributed database . Apache Druid has a security vulnerability that originates from improper validation of LDAP authentication responses, which could lead to...
PT-2026-2838
The PayHere Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to an improper validation logic in the check payhere response function in all versions up to, and including, 2.3.9. This makes it possible for unauthenticated attackers t...
CVE-2020-10885
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. The issue results...
PT-2025-47320
Name of the Vulnerable Software and Affected Versions WhatsApp for iOS versions prior to 2.25.23.73 WhatsApp Business for iOS versions prior to 2.25.23.82 WhatsApp for Mac versions prior to 2.25.23.83 Description A flaw exists in the validation of rich response messages. This could allow a user t...
Facebook WhatsApp 安全漏洞
Facebook WhatsApp is a suite of mobile applications from Facebook Inc. in the United States that are based on the Android platform and utilize the network to deliver text messages. The application uses contact information in a smartphone to find contacts using the software to send texts, images,...
EUVD-2016-5629
Malware in sbrugna...
EUVD-2018-12672
Malware in sbrugna...
EUVD-2020-0457
Malware in sbrugna...
EUVD-2020-17068
Malware in sbrugna...
EUVD-2024-31913
Malicious code in bioql PyPI...
EUVD-2022-4142
Malicious code in bioql PyPI...