9 matches found
Samba Data Forgery Issue Vulnerability
Samba is an open-source suite of standard Windows interoperability programs for Linux and Unix systems. Samba has a vulnerability related to data falsification, which stems from the automatic certificate registration group policy processing. This process involves retrieving CA certificates via...
CVE-2026-43968
CVE-2026-43968 involves a CRLF injection in ninenines/cowlib, triggered by the SSE encoding path cow_sse:event/1. The root cause is improper neutralization of CRLF sequences: while id and event fields guard against \n, bare \r is not sanitized, and prefix_lines/2 used for data and comment fields...
Hitachi FOXMAN-UN Security Vulnerability
Hitachi FOXMAN-UN is a powerful toolset for a comprehensive NMS suite from Hitachi, Ltd., Japan. A security vulnerability exists in Hitachi FOXMAN-UN that allows an attacker to intercept or forge data exchanges between a client and a server...
Google Android Data Forgery Issue Vulnerability
Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in Google Android versions prior to 12. The vulnerability stems from an incorrect programmatic call to an advanced local procedure. An attacker could use this vulnerability to...
Schneider Electric spaceLYnk and homeLYnk Data Forgery Issue Vulnerability
Schneider Electric homeLYnk and spaceLYnk are both automation programming software for different logic controllers from Schneider Electric, France. A security vulnerability exists in Schneider Electric homeLYnk and spaceLYnk. An attacker can exploit the vulnerability to execute arbitrary code in...
jsrsasign package Data Forgery Issue Vulnerability
jsrsasign package is an open source encryption library from the Japanese individual developer Kenji Urashima. A security vulnerability exists in Node.js jsrsasign package prior to 10.1.13, which stems from some invalid RSA pkc. No details of the vulnerability are provided at this time...
Unauthorized Access Vulnerability in uni-app of Digital Paradise (Beijing) Network Technology Co.
uni-app is a framework for developing all front-end applications using Vue.js. Developers write a set of code that can be published to H5, a variety of small programs (WeChat/Alipay/Baidu/Headline/QQ/Pin/Nail/Taobao), fast apps and other platforms, and can be directly packaged in HBuilderX to...
Cisco IOS XE Data Forgery Issue Vulnerability (CNVD-2020-31991)
Cisco IOS XE is an operating system developed by the US company Cisco for its network equipment. A data forgery vulnerability exists in software image validation in Cisco IOS XE, which arises from a program not properly checking the code area used to manage the digital signatu...
Code injection
Since "algorithm" isn't enforced in jwt.decode in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key...