Lucene search
K

7 matches found

NVD
NVD
added 2026/06/17 8:17 p.m.13 views

CVE-2026-48814

Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the MCP SSE server allows unauthenticated cross-origin MCP tool invocation due to an empty default secret. This issue was partially addressed by CVE-2026-46701 in version 5.4.5 by closing the CORS flaw wit...

9.1CVSS0.00297EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2025/10/14 12:21 p.m.11 views

Pixel-stealing “Pixnapping” attack targets Android devices

Researchers at US universities have demonstrated how a malicious Android app can trick the system into leaking pixel data. That may sound harmless, but imagine if a malicious app on your Android device could glimpse tiny bits of information on your screen—even the parts you thought were secure,...

5.5CVSS6.2AI score0.00122EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/14 12:0 a.m.9 views

Pixnapping: Bringing Pixel Stealing out of the Stone Age

Pixel stealing attacks enable malicious websites to leak sensitive content displayed in victim websites. The idea, introduced by Stone in 2013, is to embed victim websites in iframes and use SVG filters to compute on, and create side channels as a function of, those websites' pixels. Fortunately,...

6.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2019/04/11 11:59 a.m.4 views

mod_auth_mellon: authentication bypass in ECP flow

A vulnerability was found in modauthmellon. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP non-browser based...

8.1CVSS5.7AI score0.02969EPSS
Exploits1References5
The Hacker News
The Hacker News
added 2014/02/13 12:9 a.m.11 views

Hackers targeting non-browser applications with Fake SSL Certificates

Having SSL Certification doesn't mean that the website you are visiting is not a bogus website. SSL certificates protect web users in two ways, it encrypts sensitive information such as usernames, passwords, or credit card numbers and also verify the identity of websites. But today hackers and...

6.5AI score
Exploits0
ThreatPost
ThreatPost
added 2012/10/25 1:41 p.m.16 views

SSL Vulnerabilities Found in Critical Non-Browser Software Packages

The death knell for SSL is getting louder. Researchers at the University of Texas at Austin and Stanford University have discovered that poorly designed APIs used in SSL implementations are to blame for vulnerabilities in many critical non-browser software packages. Serious security vulnerabiliti...

0.5AI score
Exploits0References4
Atlassian
Atlassian
added 2011/07/01 10:40 a.m.18 views

Web Sudo should be able to be subverted for non browsers (eg scripts) via a HTTP header

We do this for XSRF protection. Basically you should be able to subvert the web sudo mechanism via a HTTP header. This posts shows the use case https://answers.atlassian.com/questions/1273/jira-jelly-runner-via-cron-in-v4-3-4 I believe it just as secure since web sudo is really design to stop som...

0.5AI score
Exploits0Affected Software1
Rows per page
Query Builder