Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

36 matches found

EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2022-7637

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.00883EPSS
Exploits0References7
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2022-1027

Malicious code in bioql PyPI...

5.9CVSS5.8AI score0.00619EPSS
Exploits0References10
RedhatCVE
RedhatCVEadded 2025/05/23 6:52 a.m.6 views

CVE-2024-46957

Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0...

9.8CVSS9.2AI score0.00595EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/22 10:31 p.m.4 views

CVE-2022-24968

In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification...

5.9CVSS6.6AI score0.00619EPSS
Exploits0References1
Veracode
Veracodeadded 2024/09/27 5:51 a.m.9 views

Spoofing Attack

mellium.im/xmpp is vulnerable to Spoofing Attack. The vulnerability is due to the implementation of the Mellium XMPP library, which does not check the stanza type and allows the use of predictable IDs, leading to the possibility of response spoofing...

9.8CVSS6.7AI score0.00595EPSS
Exploits0References5Affected Software1
OSV
OSVadded 2024/09/26 6:24 p.m.10 views

GO-2024-3157 Mellium allows Authentication Bypass by Spoofing in mellium.im/xmpp

Mellium allows Authentication Bypass by Spoofing in mellium.im/xmpp...

9.8CVSS9.5AI score0.00595EPSS
Exploits0References5
OSV
OSVadded 2024/09/25 3:30 a.m.7 views

GHSA-98HF-M87W-CQ6H Mellium allows Authentication Bypass by Spoofing

Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing because the stanza type is not checked. This is fixed in 0.22.0...

9.8CVSS9.2AI score0.00595EPSS
Exploits0References5
Github Security Blog
Github Security Blogadded 2024/09/25 3:30 a.m.14 views

Mellium allows Authentication Bypass by Spoofing

Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing because the stanza type is not checked. This is fixed in 0.22.0...

9.8CVSS7AI score0.00595EPSS
Exploits0References5Affected Software1
CVE
CVEadded 2024/09/24 12:0 a.m.39 views

CVE-2024-46957

Summary: Mellium mellium.im/xmpp versions 0.0.1 through 0.21.4 are vulnerable to response spoofing because the stanza type is not checked when IDs are predictable. This can enable an attacker to spoof responses and may lead to compromise. The issue is fixed in version 0.22.0. Affected software: M...

9.8CVSS9.3AI score0.00595EPSS
Exploits0References2
Cvelist
Cvelistadded 2024/09/24 12:0 a.m.17 views

CVE-2024-46957

Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0...

0.00595EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2024/09/24 12:0 a.m.13 views

CVE-2024-46957

Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0...

9.3AI score0.00595EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2024/09/23 12:0 a.m.3 views

PT-2024-32298 · Mellium · Mellium.Im/Xmpp

Name of the Vulnerable Software and Affected Versions: Mellium mellium.im/xmpp versions 0.0.1 through 0.21.4 Description: The issue allows response spoofing because the stanza type is not checked. This can lead to potential system compromise. The estimated number of potentially affected devices...

9.8CVSS6.5AI score0.00595EPSS
Exploits0References10
OSV
OSVadded 2023/01/18 6:6 p.m.17 views

GO-2023-1268 Authentication failure in mellium.im/sasl

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated instead, the nonce is empty. This causes authentication to fail in the best case, but if paired...

9.8CVSS9.4AI score0.00883EPSS
Exploits0References2
Veracode
Veracodeadded 2023/01/10 7:21 a.m.23 views

Authentication Bypass

github.com/mellium/sasl is vulnerable to authentication bypass. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated instead, the nonce is empty causing authentication to fail in the best case, which may lead to...

9.8CVSS9.1AI score0.00883EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blogadded 2022/12/31 3:30 a.m.35 views

mellium.im/sasl authentication failure due to insufficient nonce randomness

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated instead, the nonce is empty. This causes authentication to fail in the best case, but if paired...

9.8CVSS9AI score0.00883EPSS
Exploits0References6Affected Software1
OSV
OSVadded 2022/12/31 1:15 a.m.3 views

CVE-2022-48195

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated instead, the nonce is empty. This causes authentication to fail in the best case, but if paired...

9.8CVSS5.8AI score0.00883EPSS
Exploits0References1
NVD
NVDadded 2022/12/31 1:15 a.m.15 views

CVE-2022-48195

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated instead, the nonce is empty. This causes authentication to fail in the best case, but if paired...

9.8CVSS0.00883EPSS
Exploits0References1
Prion
Prionadded 2022/12/31 1:15 a.m.13 views

Authentication flaw

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated instead, the nonce is empty. This causes authentication to fail in the best case, but if paired...

7.5CVSS9.4AI score0.00883EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Databaseadded 2022/12/31 12:0 a.m.31 views

Mellium vulnerable to authentication failure or insufficient randomness used during authentication

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated instead, the nonce is empty. This causes authentication to fail in the best case, but if paired...

2.6AI score0.00883EPSS
Exploits0References3Affected Software1
CVE
CVEadded 2022/12/31 12:0 a.m.85 views

CVE-2022-48195

The CVE-2022-48195 issue affects Mellium mellium.im/sasl prior to v0.3.1. During SCRAM-based SASL authentication, if the remote end advertises channel binding, the implementation fails to generate a random nonce (the nonce becomes empty). This can cause authentication to fail, and in configuratio...

9.8CVSS9.4AI score0.00883EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder