
23 matches found

CNNVD
added 2026/06/03 12:0 a.m., 8 views

Mercusys AC12G security vulnerability

The Mercusys AC12G is a Gigabit wireless router produced by the Chinese company Mercusys. The Mercusys AC12G EU V1 version has security vulnerabilities. These vulnerabilities stem from unvalidated HTTP header verification, which may allow external attackers to exploit the CORS wildcar...

CVSS 6.5 | AI score 5.4 | EPSS 0.00254
Exploits: 0 | References: 1

NCSC
added 2026/05/29 7:8 p.m., 13 views

The vulnerability was concealed in Starlette

There is a vulnerability in Starlette, a Python library for developing web services. Starlette is used by various products, including FastAPI. An unauthorized malicious actor can exploit this vulnerability to bypass authentication checks. This allows the malicious actor to access protected URL...

CVSS 6.5 | AI score 5.8 | EPSS 0.01384
Exploits: 2 | References: 2

Snyk
added 2026/05/06 11:15 p.m., 6 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the lack of exposure of the HMAC-SHA256 signing key in the SDK's typed API, which prevents verification of the X-AxonFlow-Signature header on incoming webhook deliveries. An attack...

CVSS 8.2 | AI score 5.8
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/08 12:0 a.m., 6 views

PT-2026-31417

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and 6.5.4...

CVSS 2.3 | AI score 5.9 | EPSS 0.001
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 3:0 p.m., 5 views

CVE-2026-33143

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any...

CVSS 8.7 | AI score 5.8 | EPSS 0.00182
Exploits: 1 | References: 1

OSV
added 2026/03/02 9:36 a.m., 9 views

CLSA-2026-1772444161 python2: Fix of 2 CVEs

CVE-2026-1299: raise exceptions for malformed input to prevent processing invalid or dangerous headers - CVE-2024-6923: encode newlines in headers and verify headers are sound...

CVSS 6 | AI score 6.8 | EPSS 0.00737
Exploits: 0 | References: 1

OSV
added 2026/02/24 9:39 a.m., 9 views

CLSA-2026-1771925958 python2: Fix of 2 CVEs

CVE-2026-1299: reject email header values containing newlines without whitespace to prevent header injection and info leak via the buffer protocol - CVE-2024-6923: ensure email headers are encoded and verified correctly, raising exceptions for malformed input to prevent processing of invalid or...

CVSS 6 | AI score 7.3 | EPSS 0.00737
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-6290

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.03352
Exploits: 0 | References: 10

RedhatCVE
added 2025/05/23 1:48 a.m., 7 views

CVE-2023-43531

Memory corruption while verifying the serialized header when the key pairs are generated...

CVSS 8.4 | AI score 7.2 | EPSS 0.00111
Exploits: 0 | References: 1

OSV
added 2024/12/19 9:18 p.m., 3 views

CLSA-2024-1734643101 Fix CVE(s): CVE-2024-6923

SECURITY UPDATE: Improper newline quoting in email module header serialization - debian/patches/CVE-2024-6923.patch: Encode newlines in headers and verify headers to be sound - CVE-2024-6923...

CVSS 5.5 | AI score 6.8 | EPSS 0.00737
Exploits: 0 | References: 1

CNNVD
added 2024/11/11 12:0 a.m., 1 view

Mutt security vulnerability

Mutt is a text-based e-mail client for Unix-like systems developed by Michael Elkins. A security vulnerability exists in Mutt, which stems from the To and Cc e-mail headers not being verified by cryptographic signatures, thereby compromising the confidentiality of the e-mail...

CVSS 6.5 | AI score 7.2 | EPSS 0.00262
Exploits: 0 | References: 2

Cvelist
added 2024/10/04 7:56 p.m., 22 views

CVE-2024-43683 Improper verification of the Host header in TimeProvider 4100

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers. This issue affects TimeProvider 4100: from 1.0...

CVSS 8.7 | EPSS 0.00206
Exploits: 0 | References: 2

NVD
added 2024/05/06 3:15 p.m., 15 views

CVE-2023-43531

Memory corruption while verifying the serialized header when the key pairs are generated...

CVSS 8.4 | AI score 8.6 | EPSS 0.00111
Exploits: 0 | References: 1

CVE
added 2024/05/06 2:32 p.m., 54 views

CVE-2023-43531

CVE-2023-43531 describes memory corruption during validation of serialized headers when generating key pairs, affecting Qualcomm chipsets (including Qualcomm closed‑source components). The root cause is memory corruption in the header verification step during key pair generation. Impact is listed...

CVSS 8.4 | AI score 7.1 | EPSS 0.00111
Exploits: 0 | References: 1 | Affected Software: 1

SUSE CVE
added 2023/02/15 5:33 a.m., 1 view

SUSE CVE-2013-6666

The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepperflashrendererhost.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a PPBFlash.Navigate operation, which might allow remot...

CVSS 5.8 | AI score 8.6 | EPSS 0.01177
Exploits: 1 | References: 3

Veracode
added 2022/11/23 6:29 a.m., 28 views

Remote Code Execution

tailscale is vulnerable to remote code execution. The library does not have host header verification, which allows an attacker-controlled coordination server to send malicious URL responses to the client, including pushing executables or installing an SMB share...

CVSS 9.6 | AI score 9.3 | EPSS 0.01555
Exploits: 1 | References: 6 | Affected Software: 2

Prion
added 2022/11/09 9:15 p.m., 28 views

Authorization

Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel...

CVSS 4.3 | AI score 7.9 | EPSS 0.00172
Exploits: 0 | References: 1 | Affected Software: 3

CNNVD
added 2022/09/16 12:0 a.m., 3 views

WordPress plugin Titan Anti-spam & Security security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 5.3 | AI score 5.8 | EPSS 0.00609
Exploits: 2 | References: 2

Prion
added 2022/06/14 10:15 a.m., 19 views

Memory corruption

Lack of MBN header size verification against input buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables...

CVSS 7.2 | AI score 8 | EPSS 0.00159
Exploits: 0 | References: 1

OSV
added 2017/01/18 10:59 p.m., 1 view

UBUNTU-CVE-2016-6271

The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception...

CVSS 7.5 | AI score 7.1 | EPSS 0.02232
Exploits: 0 | References: 3