CVE-2025-47779 Using malformed From header can forge identity with ";" or NULL in name portion

Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE RFC 3428 authentication do not get proper alignment. An authenticated attacker...

Forever CALL ME KW-50和Forever CALL ME KW-60 安全漏洞

The Forever CALL ME KW-50 and Forever CALL ME KW-60 are both children's phone watches from Forever. Forever CALL ME KW-50 R36YDRA3PWGM7SV1.02019071516.19.24cobh version and Forever CALL ME KW-60 R36CWYDES4A292V1.02023.05.2422.49.44 A security vulnerability exists in the cobb version that stems fr...

Hitachi Energy RTU500 信任管理问题漏洞

RTU500 is a series of industrial control components from Hitachi, Japan, mainly used for industrial control systems.RTU500 Scripting interface is part of Hitachi Energy RTU500 series of industrial control components, mainly used to provide scripting programming interface to realize specific...

Node.js third-party modules: [authmagic-timerange-stateless-core] Improper Authentication

I would like to report Improper Authentication in authmagic-timerange-stateless-core It allows to forge user's identity. Module module name: authmagic-timerange-stateless-core version: 0.0.9 npm page: https://www.npmjs.com/package/authmagic-timerange-stateless-core Module Description Stateless an...