Lucene search
K

55 matches found

OSV
OSV
added 2026/06/18 2:28 p.m.8 views

GHSA-VMH5-MC38-953G undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent

Impact undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servername...

7.4CVSS5.9AI score0.00459EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.8 views

CVE-2026-21009

Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows physical attacker to bypass App Pinning...

6.8CVSS5.4AI score0.00227EPSS
Exploits0References1
OSV
OSV
added 2026/05/22 8:31 a.m.9 views

MAL-2026-4597 Malicious code in kurumi-fca (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f90450e6ca1502bf6287d945c37c4c64f59e624a4269ab8e07600a9db5e755d0 kurumi-fca is a Facebook Chat API library whose advertised purpose is to listen to Messenger events for the caller. Two undisclosed behaviors make it...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 8:31 a.m.10 views

Malicious code in kurumi-fca (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f90450e6ca1502bf6287d945c37c4c64f59e624a4269ab8e07600a9db5e755d0 kurumi-fca is a Facebook Chat API library whose advertised purpose is to listen to Messenger events for the caller. Two undisclosed behaviors make it...

5.8AI score
Exploits0References2
EUVD
EUVD
added 2026/04/13 6:30 a.m.4 views

EUVD-2026-21862

Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows physical attacker to bypass App Pinning...

4.1CVSS5.8AI score0.00227EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/13 5:4 a.m.4 views

CVE-2026-21009

Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows physical attacker to bypass App Pinning...

4.1CVSS5.8AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.5 views

CVE-2026-22181

OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured. When HTTPPROXY, HTTPSPROXY, or ALLPROXY environment variables are present, attacker-influenced...

7.6CVSS5.8AI score0.00221EPSS
Exploits0References1
OSV
OSV
added 2026/03/18 1:34 a.m.7 views

CVE-2026-22181 OpenClaw < 2026.3.2 - DNS Pinning Bypass via Environment Proxy Configuration in web_fetch

OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured. When HTTPPROXY, HTTPSPROXY, or ALLPROXY environment variables are present, attacker-influenced...

6.1CVSS7.1AI score0.00221EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/04 1:57 a.m.6 views

CVE-2026-0005

In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing limited interaction with other apps without knowing the LSKF due to a missing permission check. This could lead to local information disclosure where the extent of interaction and...

6.2CVSS6AI score0.00103EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/02 6:42 p.m.3 views

CVE-2026-0005

In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing limited interaction with other apps without knowing the LSKF due to a missing permission check. This could lead to local information disclosure where the extent of interaction and...

6AI score0.00103EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/02 6:42 p.m.18 views

CVE-2026-0005

In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing limited interaction with other apps without knowing the LSKF due to a missing permission check. This could lead to local information disclosure where the extent of interaction and...

0.00103EPSS
Exploits0References1
CVE
CVE
added 2026/03/02 6:42 p.m.16 views

CVE-2026-0005

Technical details about CVE-2026-0005 are not publicly available in the provided documents. Monitor for updates.

6.2CVSS6AI score0.00103EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.8 views

PT-2026-22670

In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing limited interaction with other apps without knowing the LSKF due to a missing permission check. This could lead to local information disclosure where the extent of interaction and...

6AI score0.00103EPSS
Exploits0References2
curl security advisories
curl security advisories
added 2026/01/07 8:0 a.m.7 views

No QUIC certificate pinning with GnuTLS

When using CURLOPTPINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool, curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper...

5.9CVSS6.2AI score0.00227EPSS
Exploits0Affected Software2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-0031

Malware in sbrugna...

7.2CVSS6.9AI score0.00611EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-13600

Malware in sbrugna...

8.4CVSS8.2AI score0.00136EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-16230

Malware in sbrugna...

7.5CVSS7.6AI score0.01905EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-26835

Malicious code in bioql PyPI...

7.8CVSS6.5AI score0.00093EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/06 7:31 p.m.14 views

CVE-2025-32331

In showDismissibleKeyguard of KeyguardService.java, there is a possible way to bypass app pinning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6.8AI score0.00093EPSS
Exploits0References1
OSV
OSV
added 2025/09/04 7:15 p.m.3 views

CVE-2025-32331

In showDismissibleKeyguard of KeyguardService.java, there is a possible way to bypass app pinning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00093EPSS
Exploits0References2
Rows per page
Query Builder