91 matches found
CVE-2026-56256
Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...
CVE-2026-56256
Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...
CVE-2026-45575
The CVE concerns the epa4all-client Java client for epa4all/ePA 3.0. Before 1.2.2, an attacker who can perform a TLS man-in-the-middle between the client and the IDP within the TI network can substitute a forged discovery document. This redirects uri_puk_idp_enc and uri_puk_idp_sig to attacker-co...
CVE-2026-6177
creationtimestamp| type| source ---|---|--- 2026-05-13 15:40:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlqnb4s65q2q 2026-05-15 03:50:46+00:00| seen| https://bsky.app/profile/donwebmedia.bsky.social/post/3mlugiqwy3k2a 2026-05-16 18:32:05+00:00| seen|...
CVE-2026-41337
OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers with captured valid callbacks for live calls can exploit this to manipulate callback origins during...
CVE-2026-31453
The CVE-2026-31453 issue affects the Linux kernel XFS path. The root cause is use-after-free-like behavior: after xfsaild_push_item() calls iop_push(), the log item could be freed if the AIL lock is dropped, allowing a freed log item to be dereferenced by tracepoints in the switch that follow. Th...
[SECURITY] Fedora 43 Update: wireshark-4.6.4-1.fc43
Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless WiFi or Bluetooth networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...
CVE-2026-2540
The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the system can be forced to accept previously used stale rolling codes and execute a command...
CVE-2026-2540
The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the system can be forced to accept previously used stale rolling codes and execute a command...
CVE-2026-22082 Insecure Session ID Management Vulnerability in Tenda Wireless Routers
This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and...
CVE-2025-61739
Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets...
EUVD-2025-204703
Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets...
EUVD-2016-5735
Malware in sbrugna...
EUVD-2019-3516
Malware in sbrugna...
EUVD-2021-12418
Malware in sbrugna...
WakaTime: Session Replay Attack Allows Authentication Bypass via Captured Login Responses Allowing Bypass of 429 Too many attempts for Multiple Failed Logins
Summary An attacker can bypass authentication by capturing a valid login response including session cookies/tokens and replaying it during a failed login attempt with incorrect credentials. The server fails to invalidate or validate session tokens properly, allowing unauthorized access even after...
CVE-2025-32227
creationtimestamp| type| source ---|---|--- 2025-04-10 08:48:56+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/11210 2025-04-10 11:10:42+00:00| seen| https://t.me/cvedetector/22633...
CVE-2025-1492 Uncontrolled Recursion in Wireshark
Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file...
AutomationDirect DirectLogic H2-DM1E 安全漏洞
AutomationDirect DirectLogic H2-DM1E is a programmable logic controller from AutomationDirect. A security vulnerability exists in AutomationDirect DirectLogic H2-DM1E version 2.8.0 and prior versions, which stems from the presence of a session hijacking attack that allows an attacker to inject...
EulerOS Virtualization 2.12.1 : python-cryptography (EulerOS-SA-2024-2315)
According to the versions of the python-cryptography package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured message...