PT-2026-32711

It was discovered that xdg-dbus-proxy incorrectly handled eavesdropping in policy rules. A local attacker could possibly use this issue to intercept certain D-Bus messages...

CVE-2026-34080 xdg-dbus-proxy has an eavesdrop filter bypass allowing message interception

xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases. Client...

CVE-2026-34080

xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases. Client...

CVE-2025-6792 One to one user Chat by WPGuppy <= 1.1.4 - Unauthenticated Information Disclosure via Chat Message Interception

The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/guppylite/v2/channel-authorize rest endpoint in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to...

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

Cybersecurity researchers have disclosed details of a new malicious package on the npm repository that works as a fully functional WhatsApp API, but also contains the ability to intercept every message and link the attacker's device to a victim's WhatsApp account. The package, named "lotusbail,"...

PT-2025-44639

Name of the Vulnerable Software and Affected Versions ISO 15118-2 compliant EV charging systems affected versions not specified Description A flaw exists in the Signal Level Attenuation Characterization SLAC protocol used in electric vehicle EV charging systems that adhere to the ISO 15118-2...

EUVD-2015-8565

Malware in sbrugna...

EUVD-2021-7793

Malicious code in bioql PyPI...

EUVD-2022-1317

Malicious code in bioql PyPI...

EUVD-2023-31172

Malicious code in bioql PyPI...

EUVD-2024-43420

Malicious code in bioql PyPI...

CVE-2022-24762

sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has been patched in...

CVE-2024-47791

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices...

Encrypted messaging service intercepted, 2.3 million messages read by law enforcement

European law enforcement agencies have taken down yet another encrypted messaging service mainly used by criminals. The Matrix encrypted messaging service was an invite-only service which was also marketed under the names Mactrix, Totalsec, X-quantum, or Q-safe. Dutch and French authorities start...

CVE-2024-47791

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices...

CVE-2024-47791 Ruijie Reyee OS Improper Neutralization of Wildcards or Matching Symbols

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices...

CVE-2024-47125 Improper Restriction of Communication Channel to Intended Endpoints in goTenna Pro

The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. It is advised to update your app to the current release for enhanced encryption protocols...

Hitachi Energy RTU500 Scripting interface Trust Management Issue Vulnerability

RTU500 is a series of industrial control components from Hitachi, Japan, mainly used for industrial control systems.RTU500 Scripting interface is part of Hitachi Energy RTU500 series of industrial control components, mainly used to provide scripting programming interface to realize specific...

Design/Logic Flaw

A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority CA, allowing the client to validate th...

Hitachi Energy RTU500 信任管理问题漏洞

RTU500 is a series of industrial control components from Hitachi, Japan, mainly used for industrial control systems.RTU500 Scripting interface is part of Hitachi Energy RTU500 series of industrial control components, mainly used to provide scripting programming interface to realize specific...