6 matches found
CVE-2026-7971
Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
curl: MQTT CONNACK Packet Type Bypass leads to RCE via Malicious Broker
Summary: mqttverifyconnack in lib/mqtt.c never checks that the received packet type is actually a CONNACK 0x20. The constant MQTTMSGCONNACK is commented out at line 45, making the check impossible to write. A malicious broker can send any packet — e.g. PUBACK 0x40 — with remaininglength=2 and...
EUVD-2021-26752
Malware in sbrugna...
EUVD-2022-6556
Malicious code in bioql PyPI...
CVE-2021-3763
A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means...
snyk-broker information disclosure vulnerability
snyk-broker is a proxy program for access between snyk.io and Git repositories. A security vulnerability exists in snyk-broker versions prior to 4.79.0. The vulnerability can be exploited by an attacker to read parts of the Snyk internal network via the patch history in the GitHub Commits API...