USN-8037-1 dnsdist vulnerabilities
It was discovered that HTTP/2, which is used/vendored by DNSdist, did not properly account for resources when handling client-triggered stream resets. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-8671) It was discovered that DNSdist did not properly manage memor...
USN-8037-1: DNSdist vulnerabilities
It was discovered that HTTP/2, which is used/vendored by DNSdist, did not properly account for resources when handling client-triggered stream resets. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-8671) It was discovered that DNSdist did not properly manage memor...
CVE-2026-26214
Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled (the default configuration). In GalaxyFDSClientImpl.createHttpClient, the SDK configures Apache HttpClient with SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER, which accep...
CVE-2026-26214
The CVE describes a TLS hostname verification flaw in Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android)
CVE-2026-0651
A path traversal vulnerability was identified in TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP server’s handling of GET requests. The server performs path normalization before fully decoding URL-encoded input and falls back to using the raw path when normalization fails. An attacker...
CVE-2026-0651 Path Traversal on TP-Link Tapo D235 and C260 via Local https
A path traversal vulnerability was identified in TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP server’s handling of GET requests. The server performs path normalization before fully decoding URL-encoded input and falls back to using the raw path when normalization fails. An attacker...
CVE-2026-25651
client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Hos...
client-certificate-auth Vulnerable to Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect
Summary Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host header, allowing an attacker to redirect users to arbitrary domains. Vulnerable Code javascript //...
CVE-2026-25651 client-certificate-auth has an Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect
client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Hos...
client-certificate-auth Input Validation Error Vulnerability
client-certificate-auth is a middleware developed by Tony Gies for implementing client SSL certificate authentication. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain vulnerabilities related to input validation errors. These vulnerabilities stem from the middleware automatically...
Malicious Package
Overview https-servers is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-769 Malicious code in https-servers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a36dcc502283d554435cbf1426fd49634a8889c0839134cb84847739226aee3b The package https-servers was found to contain malicious code. Source: ghsa-malware 36ca75a183037ab06a63d3ba308f3fe6f3207772c7b77df966768e3f10e15c00...
Malicious code in https-servers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a36dcc502283d554435cbf1426fd49634a8889c0839134cb84847739226aee3b The package https-servers was found to contain malicious code. Source: ghsa-malware 36ca75a183037ab06a63d3ba308f3fe6f3207772c7b77df966768e3f10e15c00...
Malicious code in https-emailjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8aff232c81a7253eeb9e10075207aebc5908976a9a1adf6009d750b444467db The package https-emailjs was found to contain malicious code. Source: ghsa-malware e6feff6e256b4c145082869f4ce5f64f2a2a15cab09caeef3e3d5735188aa0f6...
MAL-2026-724 Malicious code in https-emailjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8aff232c81a7253eeb9e10075207aebc5908976a9a1adf6009d750b444467db The package https-emailjs was found to contain malicious code. Source: ghsa-malware e6feff6e256b4c145082869f4ce5f64f2a2a15cab09caeef3e3d5735188aa0f6...
Malicious Package
Overview https-emailjs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...