SUSE CVE-2025-59353

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager's Certificate gRPC service does not...

EUVD-2025-29767

Malicious code in bioql PyPI...

CVE-2025-59353

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via the Certificate gRPC service not validating whether the requested IP addresses are associated with the requesting peer. An attacker can obtain valid mTLS certificates for arbitrary IP addresses by...

CVE-2025-59353 Manager generates mTLS certificates for arbitrary IP addresses

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not...

Dragonfly 安全漏洞

Dragonfly is an open source framework from DragonflyDB that allows dynamic processing of any content type. A security vulnerability exists in Dragonfly versions prior to 2.1.0, which stems from the Manager's Certificate gRPC service not verifying that the requesting IP address belongs to the peer...

Microsoft Windows Active Directory Certificate Service Security Feature Bypass Vulnerability

Microsoft Windows Active Directory is a centralized directory management service from Microsoft Corporation USA that is responsible for architecting large network environments. Microsoft Windows Active Directory is vulnerable to a certificate service security feature bypass. No details of the...

ADCSPwn - A Tool To Escalate Privileges In An Active Directory Network By Coercing Authenticate From Machine Accounts And Relaying To The Certificate Service

A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts Petitpotam and relaying to the certificate service. Usage Run ADCSPwn on your target network. authentication will be relayed to. Optional arguments: port - The port ADCSPwn will listen on...

漫游用友集团各大系统

简要描述： 漫游用友集团各大系统 详细说明： 在一个月黑风高的夜晚，用友某员工的集团办公平台账号，悄悄地泄露了。 // Send message Transport transport=session.getTransport; transport.connect"192.168.210.160" , 25, "ch2","1r"; transport.sendMessagemessage,new Addressnew InternetAddress"[email protected]" ; transport.close;...