CVE-2026-6272

A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the normal production gRPC API kuksa.val.v2. 3. Open...

SUSE CVE-2021-31228

An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests without sniffing the specific request. Data is...

Insecure Random Generator

github.com/miekg/dns uses an insecure random generation for transaction IDs. The default Id function uses an insecure math/rand function, resulting in predictable output and allowing an attacker to exploit the vulnerability to forge responses without being on path...

Httplab - Inspect HTTP Requests And Forge Responses

The interactive web server. HTTPLabs let you inspect HTTP requests and forge responses. Install Golang go get github.com/gchaincl/httplab go install github.com/gchaincl/httplab/cmd/httplab Archlinux yaourt httplab Snap FIXME On systems where snap is supported: snap install httplab Binary...

Huawei E5186 4G LTE Router Security Bypass Vulnerability

Huawei E5186 4G LTE Router is a 4G wireless router product from Huawei, China. The Huawei E5186 4G LTE Router allows DNS query packets to use static source ports, allowing remote attackers to exploit this vulnerability to forge responses...