24 matches found
CVE-2026-44479 Vercel: Non-interactive mode includes CLI arguments in suggested command output
Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, when the Vercel CLI runs in non-interactive mode (--non-interactive or auto-detected AI agent), commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the us...
MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation
Summary. Affected Components: org.msgpack.core.MessageUnpacker.readPayload, org.msgpack.core.MessageUnpacker.unpackValue, org.msgpack.value.ExtensionValue.getData. A denial-of-service vulnerability exists in MessagePack for Java when deserializing .msgpack files containing EXT32 objects with...
CVE-2025-65945 auth0/node-jws improper HMAC signature verification vulnerability
auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the...
Improper Verification of Cryptographic Signature
Overview: jws is an implementation of JSON Web Signatures. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the createVerify function when using HS256 HMAC algorithms and incorporating user-provided data from the JSON Web Signature Protected...
Towards Ultra-Low Latency: Binarized Neural Network Architectures for In-Vehicle Network Intrusion Detection
The Controller Area Network (CAN) protocol is essential for in-vehicle communication, facilitating high-speed data exchange among Electronic Control Units (ECUs). However, its inherent design lacks robust security features, rendering vehicles susceptible to cyberattacks. While recent research has...
CVE-2024-6127
BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payloa...
CVE-2024-6127
CVE-2024-6127 affects BC Security Empire before 5.9.3. It is a path-traversal vulnerability that can enable remote code execution. An unauthenticated attacker can trigger the issue over HTTP by acting as a normal agent, completing cryptographic handshakes, and uploading payload data containing a ...
Positron Broadcast Signal Processor TRA7005 1.20 Authentication Bypass Exploit
The Positron Broadcast Digital Signal Processor TRA7005 version 1.20 suffers from an authentication bypass through a direct and unauthorized access to the password management functionality. The vulnerability allows attackers to bypass Digest authentication by manipulating the password endpoint...
PT-2024-12390 · Qualcomm · Snapdragon +97
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns information disclosure in Audio when accessing AVCS services from an ADSP payload. No further details are provided about the nature of t...
Apache NiFi cross-site scripting vulnerability (CNVD-2023-9665850)
Apache NiFi is a data processing and distribution system from the Apache Software Foundation (USA). The system is primarily used for data routing, transformation and system mediation logic. Apache NiFi suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and...
Unsafe message encode and decode for cross chain message transfer and in execution process through axelar
Lines of code. Vulnerability details. Impact: Cross-chain message passing is done through the Axelar gateway contracts. To pass a message, it has to be formatted with abi.encode and sent from the source chain to the destination chain. On the destination chain, through the gateway contract, the received...
Rocky Linux 8 : openssl (RLSA-2023:1405)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:1405 advisory. - A timing-based side channel exists in the OpenSSL RSA decryption implementation which could be sufficient to recover a plaintext across a network in a...
Double free after calling `PEM_read_bio_ex`
The function `PEM_read_bio_ex` reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...
CVE-2022-1278
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain...
PT-2022-13768 · Wildfly · Wildfly
Name of the Vulnerable Software and Affected Versions: WildFly (affected versions not specified). Description: A flaw was found in WildFly, allowing an attacker to see deployment names, endpoints, and any other data the trace payload may contain. Recommendations: At the moment, there is no informati...
WildFly Security Vulnerability
WildFly is a powerful, modular and lightweight application server from the WildFly project. WildFly has a security vulnerability that stems from an information leak. An attacker exploiting the vulnerability could see the deployment names, endpoints, and any data that the trace payload may...
CVE-2020-12859
Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations...
CVE-2020-12859
The CVE concerns COVIDSafe’s OpenTrace/BlueTrace protocol (up to v1.0.17). Unnecessary fields in the protocol payload allow a remote attacker to identify a device model by observing cleartext data, enabling re-identification of devices, particularly for less common phone models or in low-density ...