14 matches found
CVE-2026-41213
@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid codeverifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...
PT-2026-47018
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop Electron disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured...
CVE-2026-45574 epa4all-client: TLS Certificate Validation Disabled in Production
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient...
EUVD-2015-5781
Malware in sbrugna...
COROS PACE 3 安全漏洞
COROS PACE 3 is a GPS sports watch from COROS China. A security vulnerability exists in COROS PACE 3 3.0808.0 and earlier versions, which originates from unencrypted WLAN communication and could lead to a man-in-the-middle attack...
nodejs: integrity checks according to policies can be circumvented
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check...
EZZY APP Android version of the deposit function module has a payment design loophole
EZZY APP is a car intelligent sharing platform APP created by Beijing Daimeng Technology Co. The Android version of EZZY APP has a vulnerability in the amount payment design. After logging into the system, an attacker can arbitrarily modify the size of the payment amount by clicking on the paymen...
The vulnerability of the Kernel Samepage Merging (KSM) component in the Linux operating system allows a hacker to influence the confidentiality of information.
The vulnerability of the Linux operating system’s Kernel Samepage Merging KSM component is related to the lack of protection for service data when the ASLR mechanism is used. Exploiting this vulnerability allows a local attacker to partially compromise the confidentiality of information through a...
CVE-2016-1672
The ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vector...
TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)
A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...
CVE-2015-5835
Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme...
Design/Logic Flaw
Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme...
CVE-2015-5835
CVE-2015-5835 corresponds to an inter-app communication interception vulnerability in Apple iOS prior to 9.0, enabling a crafted app to obtain sensitive information by abusing URL scheme handling. The issue is described as a local/inter-app access risk where a malicious app could intercept URL sc...
CVE-2015-5835
Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme...