27019 matches found
CVE-2026-32627 cpp-httplib has a Silent TLS Certificate Verification Bypass on HTTPS Redirect via Proxy
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and setfollowlocationtrue, any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...
CVE-2026-3559
Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific...
CVE-2026-32745
In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings...
DEBIAN-CVE-2026-23943
Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...
FreePBX filestore authenticated command injection
This module exploits an authenticated command injection vulnerability CVE-2025-64328 in the FreePBX filestore module. The filestore module allows administrators to configure remote file storage backends SSH, FTP, etc. for backup and file management purposes. The vulnerability exists in the SSH...
CVE-2026-32745
JetBrains Datalore is affected prior to version 2026.1. The vulnerability arises from missing the Secure attribute on cookie settings, enabling session hijacking. No exploit details are provided in the documents. Affected product: JetBrains Datalore; root cause: cookie security attribute misconfi...
CVE-2026-32745
In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings...
Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials
Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network VPN clients distributed through search engine optimization SEO poisoning techniques. "The campaign redirects users searching for legitimate enterprise software to malicious ZIP files on...
CVE-2026-23943
Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...
EEF-CVE-2026-23943 Pre-auth SSH DoS via unbounded zlib inflate
Summary Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh ssh\transport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads...
EEF-CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd
Summary Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses...
ABB AWIN Gateways
SUMMARY ABB became aware of vulnerability in the products versions listed as affected in the advisory. An update is available that resolves the reported vulnerabilities. AWIN gateways are not intended to be internet-facing. An attacker who successfully exploited this vulnerability could take...
PT-2026-25323
CVE-2026-32745 In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings https://t.co/5G9cZc08Tr...
PT-2026-25165
Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.4.1 Erlang OTP versions 26.2.5.18 through 27.3.4.9 Description An issue exists in Erlang OTP ssh ssh transport modules that allows for Denial of Service via Resource Depletion. The SSH transport layer, by...
Defensible Design for OpenClaw: Securing Autonomous Tool-Invoking Agents
OpenClaw-like agents offer substantial productivity benefits, yet they are insecure by default because they combine untrusted inputs, autonomous action, extensibility, and privileged system access within a single execution loop. We use OpenClaw as an exemplar of a broader class of agents that...
PT-2026-25164
Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.4.1 Erlang OTP versions 26.2.5.18 through 27.3.4.9 Description An improper limitation of a pathname to a restricted directory, specifically a 'Path Traversal' issue, exists in the Erlang OTP ssh sftpd module...
Angular 跨站脚本漏洞
Angular is an open-source development platform created by Angular. It is used to build mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions of Angular prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20 have a cross-site scripting vulnerability. This...
📄 FreePBX Filestore Authenticated Command Injection
This Metasploit module exploits an authenticated command injection vulnerability in the FreePBX filestore module. The filestore module allows administrators to configure remote file storage backends SSH, FTP, etc. for backup and file management purposes. The vulnerability exists in the SSH driver...
CVE-2026-3497
Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpktdisconnect on an error, which does not terminate the...
EUVD-2026-11581
A vulnerability allowing a low-privileged user to extract saved SSH credentials...