12 matches found
Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload
Impact Any baileys session under the latest version false in socket config. There are no workarounds for the app state sync jamming...
ALPINE-CVE-2026-28780
Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...
EUVD-2023-30268
Malicious code in bioql PyPI...
PT-2025-32989 · Unknown · Cherry-Studio
Name of the Vulnerable Software and Affected Versions: Cherry Studio versions 1.2.5 through 1.5.1 Description: Cherry Studio is vulnerable to OS Command Injection when connecting to a malicious MCP server in HTTP Streamable mode. Attackers can establish a malicious MCP server with compatible OAut...
SUSE CVE-2025-38264
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling Validate the request in nvmetcphandler2t to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a loop in request list processing...
Linux Distros Unpatched Vulnerability : CVE-2024-46676
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfc: pn533: Add poll mod list filling check In case of improtocols value is 1 and tmprotocols value is 0 this combination successfully passes the check 'if...
AZL-35096 CVE-2023-39325 affecting package packer for versions less than 1.9.5-1
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
CVE-2023-26448
Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit...
Code injection
Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit...
CVE-2023-26448
Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit...
Open-Xchange AppSuite Cross-Site Scripting Vulnerability
Open-Xchange AppSuite is a set of Web cloud desktop environments from Open-Xchange Germany. The environment allows users to more intuitively manage email, tasks, files, etc. A security vulnerability exists in Open-Xchange AppSuite that stems from a customized login and logout location jslob that ...
Cisco IOS Software and IOS XE Software Denial of Service Vulnerability (CNVD-2018-20297)
Cisco IOS Software and IOS XE Software are both operating systems developed by Cisco for its network devices.Cluster Management Protocol is one of the cluster management protocols. A denial of service vulnerability exists in Cluster Management Protocol in Cisco IOS Software and IOS XE Software. A...