awslabs/tough Delegated Roles have a Signature Threshold Bypass

Summary Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegate...

CVE-2026-27764

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

CVE-2023-49238

In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation in certain installation scenarios because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in befor...

EUVD-2026-1244

EUVD-2026-1244...

CVE-2025-6515 Reuse of session IDs in oatpp-mcp leads to session hijacking and prompt hijacking by remote attackers

The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...

CVE-2025-6515

The CVE concerns oatpp-mcp’s MCP SSE endpoint, where a session ID is derived from an instance pointer instead of a unique, cryptographically secure value. This enables a network attacker with access to the oatpp-mcp server to predict/guess future session IDs, hijack legitimate MCP sessions, and c...

PT-2025-42788

Name of the Vulnerable Software and Affected Versions oatpp-mcp affected versions not specified Description The MCP SSE endpoint returns an instance pointer as the session ID, which is not unique or cryptographically secure. This allows network attackers with access to the oatpp-mcp server to gue...

EUVD-2016-6650

Malware in sbrugna...

EUVD-2015-8139

Malware in sbrugna...

EUVD-2020-6069

Malware in sbrugna...

Matrix 安全漏洞

Matrix is a new ecosystem of Matrix open source for open federated instant messaging and VoIP. A security vulnerability exists in Matrix versions prior to 1.16 that stems from a lack of creation event uniqueness, which could lead to a security risk...

Linux Distros Unpatched Vulnerability : CVE-2023-3128

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to...

CVE-2020-13858

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations...

Security Bulletin: UC Deploy Container images may contain non-unique https certificates and database encryption key. (CVE-2021-39082 )

Summary CVE-2021-39082 The provided UC Deploy Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages. Vulnerability Details...

PT-2024-25532 · Cosy+ · Cosy+

Name of the Vulnerable Software and Affected Versions: Cosy+ devices versions 21.x below 21.2s10 Cosy+ devices versions 22.x below 22.1s3 Description: The issue concerns the use of a unique key for encrypting configuration parameters in Cosy+ devices. This key is not unique per device in affected...

CVE-2024-22064

ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connectionIKE with the mobile devices connecting over the internet . If the set of keys are leaked or cracked, the...

CVE-2024-22064

CVE-2024-22064 affects ZTE ZXUN-ePDG, a network node for the VoWifi system. The vulnerability arises from by-default configuration that uses a set of non-unique cryptographic keys during establishing a secure IKE connection with mobile devices. If these keys are leaked or cracked, user session in...

PT-2024-19178 · Zte · Zxun-Epdg

Name of the Vulnerable Software and Affected Versions: ZTE ZXUN-ePDG product versions up to 5.20.19 Description: The ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, uses a set of non-unique cryptographic keys by default configuration when establishing a secure...

thelounge may publicly disclose of all usernames/idents via port 113

Per RFC 1413, The unique identifying tuple includes not only the ports, but also the both addresses. Without the addresses, the information becomes both non-unique and public: - If multiple connections happen to use the same local port number which is possible if the addresses differ, the usernam...

PT-2024-15171 · Kontrol +2 · Kontrol +3

Name of the Vulnerable Software and Affected Versions: Sciener firmware affected versions not specified Description: The issue concerns the use of a non-unique AES key in the pairing process between locks using Sciener firmware and wireless keypads. This key can be reused, potentially compromisin...