CVE-2026-32952
A flaw was found in the go-ntlmssp package. A remote attacker could exploit this vulnerability by sending a specially crafted NTLM (NT LAN Manager) challenge message. This malicious message can trigger a slice out of bounds panic, leading to a Denial of Service (DoS) by crashing any Go process that...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the ntlmssp.Negotiator process. An attacker can cause a panic and crash the application by sending a specially crafted NTLM challenge message. Remediation Upgrade github.com/Azure/go-ntlmssp to version...
go-ntlmssp NTLM challenges can panic on malformed payloads
go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can cause a slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...
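The entries above describe a client-side crash: the NTLM CHALLENGE_MESSAGE (type 2) carries security buffers whose Len and Offset fields are chosen by the server, and slicing the message with those values unchecked panics the whole Go process. The following is an added example, not go-ntlmssp's own code, that parses the MS-NLMP type 2 layout with bounds checks beside the unchecked pattern, and runs both over constructed well-formed, overrunning and uint32-wraparound messages. The flag value, the server challenge bytes and the helper names are assumptions made for the demonstration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Added example, not go-ntlmssp code: a bounds-checked reader for the NTLMSSP
// CHALLENGE_MESSAGE (type 2) layout from MS-NLMP, beside the unchecked slicing
// pattern that lets a malicious server crash the client.

const ntlmSignature = "NTLMSSP\x00"

var ErrMalformed = errors.New("ntlm: malformed challenge message")

// secBuf is the 8-byte NTLMSSP security buffer: Len, MaxLen (uint16) and Offset
// (uint32), all little-endian. In a challenge, Len and Offset come from the server.
type secBuf struct {
	Len    uint16
	MaxLen uint16
	Offset uint32
}

func readSecBuf(b []byte) secBuf {
	return secBuf{
		Len:    binary.LittleEndian.Uint16(b[0:2]),
		MaxLen: binary.LittleEndian.Uint16(b[2:4]),
		Offset: binary.LittleEndian.Uint32(b[4:8]),
	}
}

// payload returns the bytes the buffer points at, or an error instead of a panic.
// Widening to uint64 means Offset+Len cannot wrap before the comparison.
func (s secBuf) payload(msg []byte) ([]byte, error) {
	end := uint64(s.Offset) + uint64(s.Len)
	if end > uint64(len(msg)) {
		return nil, ErrMalformed
	}
	return msg[s.Offset:end], nil
}

// Challenge holds the type 2 fields a client needs to build its response.
type Challenge struct {
	TargetName      []byte
	Flags           uint32
	ServerChallenge [8]byte
	TargetInfo      []byte
}

// ParseChallenge validates the fixed header before touching any variable-length field.
func ParseChallenge(msg []byte) (*Challenge, error) {
	if len(msg) < 32 || string(msg[:8]) != ntlmSignature ||
		binary.LittleEndian.Uint32(msg[8:12]) != 2 {
		return nil, ErrMalformed
	}
	c := &Challenge{Flags: binary.LittleEndian.Uint32(msg[20:24])}
	copy(c.ServerChallenge[:], msg[24:32])

	name, err := readSecBuf(msg[12:20]).payload(msg)
	if err != nil {
		return nil, err
	}
	c.TargetName = name

	// TargetInfo is optional; its security buffer occupies bytes 40..48 when present.
	if len(msg) >= 48 {
		info, err := readSecBuf(msg[40:48]).payload(msg)
		if err != nil {
			return nil, err
		}
		c.TargetInfo = info
	}
	return c, nil
}

// naiveTargetName shows the vulnerable pattern: trusting Offset and Len from the wire.
// It reports whether the slice expression panicked instead of letting the process die.
func naiveTargetName(msg []byte) (name []byte, panicked bool) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	sb := readSecBuf(msg[12:20])
	return msg[sb.Offset : sb.Offset+uint32(sb.Len)], false
}

// buildChallenge constructs a 48-byte type 2 header followed by targetName, with the
// TargetName buffer set to the caller's Offset and Len so malformed values can be tested.
func buildChallenge(targetName []byte, nameOffset uint32, nameLen uint16) []byte {
	msg := make([]byte, 48, 48+len(targetName))
	copy(msg[0:8], ntlmSignature)
	binary.LittleEndian.PutUint32(msg[8:12], 2)
	binary.LittleEndian.PutUint16(msg[12:14], nameLen)
	binary.LittleEndian.PutUint16(msg[14:16], nameLen)
	binary.LittleEndian.PutUint32(msg[16:20], nameOffset)
	binary.LittleEndian.PutUint32(msg[20:24], 0x00028a05) // constructed flag value
	copy(msg[24:32], "\x01\x23\x45\x67\x89\xab\xcd\xef")   // constructed server challenge
	// TargetInfo buffer left zero: Len 0 at Offset 0 is valid and empty.
	return append(msg, targetName...)
}

func main() {
	good := buildChallenge([]byte("DOMAIN"), 48, 6)
	c, err := ParseChallenge(good)
	fmt.Printf("well-formed: name=%q err=%v\n", c.TargetName, err)

	// Constructed malicious challenge: Offset+Len overruns the 54-byte message.
	bad := buildChallenge([]byte("DOMAIN"), 48, 0x4000)
	_, panicked := naiveTargetName(bad)
	_, err = ParseChallenge(bad)
	fmt.Printf("overrun: naive panicked=%v checked err=%v\n", panicked, err)

	// Offset chosen so Offset+Len wraps in uint32 arithmetic (0xFFFFFFFF+2 = 1).
	wrap := buildChallenge([]byte("DOMAIN"), 0xFFFFFFFF, 2)
	_, panicked = naiveTargetName(wrap)
	_, err = ParseChallenge(wrap)
	fmt.Printf("wraparound: naive panicked=%v checked err=%v\n", panicked, err)
}
```

The point of the widening in payload is that the comparison happens in a type that cannot overflow; checking `s.Offset+uint32(s.Len) <= len(msg)` in uint32 would pass the wraparound case and still panic at the slice. A client library should return the error to its caller (so the transport fails that one request) rather than recover from the panic after the fact.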
EUVD-2025-32715
Stored Cross-Site Scripting (XSS) in Negotiator v3.15.2 from Biobanking and Biomolecular Resources Research Infrastructure - European Research Infrastructure Consortium (BBMRI-ERIC), due to a lack of proper validation of user input submitted in a POST request using the parameter text in '/api/v3/negotiations//posts'...
EUVD-2025-32714
Insecure Direct Object Reference (IDOR) in Negotiator v3.15.2 from Biobanking and Biomolecular Resources Research Infrastructure - European Research Infrastructure Consortium (BBMRI-ERIC). This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requests that use the 'userID' parameter in...
CVE-2025-40676
Insecure Direct Object Reference (IDOR) in Negotiator v3.15.2 from Biobanking and Biomolecular Resources Research Infrastructure - European Research Infrastructure Consortium (BBMRI-ERIC). This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requests that use the 'userID' parameter in...
CVE-2025-40676 Multiple vulnerabilities in BBMRI-ERIC Negotiator
Insecure Direct Object Reference (IDOR) in Negotiator v3.15.2 from Biobanking and Biomolecular Resources Research Infrastructure - European Research Infrastructure Consortium (BBMRI-ERIC). This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requests that use the 'userID' parameter in...
CVE-2025-40676
CVE-2025-40676 affects Negotiator v3.15.2 from BBMRI-ERIC. The vulnerability is an insecure direct object reference (IDOR) in the userID parameter of the /api/v3/users/ endpoint, enabling an attacker to access or modify unauthorised resources and potentially expose or alter sensitive data. The CV...
CVE-2025-40649
Stored XSS in BBMRI-ERIC Negotiator v3.15.2 due to insufficient validation of user-supplied data in the text parameter of POST /api/v3/negotiations//posts. A remote attacker could craft input to steal the session cookie of an authenticated user. The issue is concrete in the ...
CVE-2025-40649 Multiple vulnerabilities in BBMRI-ERIC Negotiator
Stored Cross-Site Scripting (XSS) in Negotiator v3.15.2 from Biobanking and Biomolecular Resources Research Infrastructure - European Research Infrastructure Consortium (BBMRI-ERIC), due to a lack of proper validation of user input submitted in a POST request using the parameter text in '/api/v3/negotiations//posts'...
EUVD-2018-0538
Malware in sbrugna...
BBMRI-ERIC Negotiator cross-site scripting vulnerability
BBMRI-ERIC Negotiator is a biospecimen repository access tool from BBMRI-ERIC, a European research infrastructure based in Austria. A cross-site scripting vulnerability exists in BBMRI-ERIC Negotiator version v3.15.2, which stems from a lack of user input validation and could lead to a stored cross-site scripting attack...
PT-2025-40986
Name of the Vulnerable Software and Affected Versions: Negotiator version 3.15.2. Description: An Insecure Direct Object Reference (IDOR) exists in Negotiator. This allows an attacker to access or modify unauthorized resources by manipulating requests. The issue involves the userID parameter within th...
BBMRI-ERIC Negotiator security vulnerability
BBMRI-ERIC Negotiator is a biospecimen repository access tool from BBMRI-ERIC, a European research infrastructure based in Austria. A security vulnerability exists in BBMRI-ERIC Negotiator version v3.15.2, which stems from insufficient access control on the userID parameter and could lead to an insecure direct object reference attack...
PT-2025-40985
Name of the Vulnerable Software and Affected Versions: Biobanking and Biomolecular Resources Negotiator version 3.15.2. Description: A stored Cross-Site Scripting (XSS) issue exists due to insufficient validation of user-supplied data. A remote user can exploit this by sending a POST request with a...
Linux Distros Unpatched Vulnerability : CVE-2016-10539
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for Accept-Language, when...
Winning the Mind Game: The Role of the Ransomware Negotiator
Get exclusive insights from a real ransomware negotiator who shares authentic stories from network hostage situations and how he managed them. The Ransomware Industry: Ransomware is an industry. As such, it has its own business logic: organizations pay money, in cryptocurrency, in order to regain...