PT-2026-41094

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.168 Description An inappropriate implementation in Downloads allows an attacker to perform UI spoofing via a crafted Chrome Extension, provided they can convince a user to install a malicious...

CVE-2024-34113 ColdFusion | Weak Cryptography for Passwords (CWE-261)

ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the...

CVE-2024-34113

Adobe ColdFusion is affected by CVE-2024-34113 (Weak Cryptography for Passwords) affecting ColdFusion 2023u7, 2021u13 and earlier. The issue stems from insufficiently strong cryptographic algorithms or flawed implementation used for password protection, enabling potential decryption or guessing o...

CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential

Summary The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that...

Ascii allows out-of-bounds array indexing in safe code

Affected version of this crate had implementation of From for &mut u8 and &mut str. This can result in out-of-bounds array indexing in safe code. The flaw was corrected in commit 8a6c779 by removing those impls...

Design/Logic Flaw

silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways those that use intermediary states like isNotification or isRedirect, if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as...

NPM arborist 后置链接漏洞

NPM arborist is a software package from the American company npm NPM. It is used to visualize hierarchical data stored as flat lists. NPM arborist suffers from a backlink vulnerability that originates from an improperly designed or implemented code development process for a networked system or...

Flawed Implementation of RCS Standard putting data of millions at risk

By Waqas The Rich Communication Services RCS messaging standard is used by almost every phone carrier around the globe... This is a post from HackRead.com Read the original post: Flawed Implementation of RCS Standard putting data of millions at risk...

Updated not-yet-commons-ssl packages fix CVE-2014-3604

Updated not-yet-commons-ssl packages fixes security vulnerability: It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle MITM...