4 matches found
CVE-2026-0248 Prisma Access Agent: Improper Certificate Validation Vulnerability
An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle MitM attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can...
Discourse 安全漏洞
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse. An attacker exploited the vulnerability to inject iframes from any domain, thereby bypassing...
ETHRegistrarController._setRecords can register invalid domains and to some degree, its possible to register any domain name
Lines of code Vulnerability details Impact 1. Register invalid domains at Registrar. 2. It's possible to register any domain name. Proof of Concept ETHRegistrarController.setRecords call function at address resolveruser input with call data bytes calldata datauser input. So it can bypass any meth...
GHSA-MR5M-2385-2VCP xdlocalstorage does not verify request origin
An issue was discovered in xdLocalStorage through 2.0.5. The postData function in xdLocalStoragePostMessageApi.js specifies the wildcard as the targetOrigin when calling the postMessage function on the parent object. Therefore any domain can load the application hosting the "magical iframe" and...