11 matches found
GHSA-C839-4QXR-J4X3 Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots
Summary: Broken TLS validation logic in the OVN database connection logic could allow connections to an attacker's OVN database. OVN uses mTLS for authentication, so the attacker cannot actually perform a full man-in-the-middle attack as they won't be able to authenticate with the real OVN...
PT-2026-25954
CVE-2026-3856 IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integ… https://t.co/3y33wLJj0n...
Mattermost Security Vulnerability
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 10.11.10 and earlier, including 10.11.x, have security vulnerabilities. These vulnerabilities stem from insufficient verification of the user’s authentication method wh...
EUVD-2018-7623
Malware in sbrugna...
TCPDF Security Vulnerability
TCPDF is an open source library from Tecnick. It is used to generate PDF documents and barcodes. A security vulnerability exists in TCPDF versions prior to 6.8.0, which stems from insecure settings of CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER...
Insecure Verification
libgrss has insecure verification. The vulnerability exists due to a default behavior of SoupSessionSync which allows remote attackers to manipulate the contents of feeds without detection...
CVE-2020-26236
In ScratchVerifier before commit a603769, an attacker can hijack the verification process to log into someone else's account on any site that uses ScratchVerifier for logins. A possible exploitation would follow these steps: 1. User starts login process. 2. Attacker attempts login for user, and i...
CVE-2020-7569
A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow an authenticated remote user to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code...
Remote Code Execution
friendsoftypo3/mediace is vulnerable to remote code execution. An attacker who has access to Extbase plugin or module action within a TYPO3 installation is able to execute arbitrary code by injecting arbitrary data with a valid cryptographic MAC. The vulnerability exists due to an insecure intern...
CVE-2019-5246
Smartphones with software of ELLE-AL00B 9.1.0.109C00E106R1P21, 9.1.0.113C00E110R1P21, 9.1.0.125C00E120R1P21, 9.1.0.135C00E130R1P21, 9.1.0.153C00E150R1P21, 9.1.0.155C00E150R1P21, 9.1.0.162C00E160R2P1 have an insufficient verification vulnerability. The system does not verify certain parameters...
CVE-2019-6266
Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext...