OrchidMantis
Orchid Mantis A Framework for ZKPoX — Zero-Knowledge Proof...
CVE-2026-43930
CVE-2026-43930 affects Parse Server. A race condition in the MFA SMS OTP login path before 8.6.76 and 9.9.0-alpha.2 can allow two concurrent /login requests carrying the same OTP to succeed, producing two valid session tokens. Impact is breaking single-use OTP; attacker must already know the vict...
Auth0 Next.js SDK has Improper Proxy Cache Lookup
Description: In affected versions of the Next.js SDK, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Which Projects are Affected? Users are affected if they meet all of the following preconditions: -...
CVE-2026-40155
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...
Incorrect Authorization
Overview: @auth0/nextjs-auth0 is a Next.js SDK for signing in with Auth0. Affected versions of this package are vulnerable to Incorrect Authorization in the proxy cache fetcher. An attacker can gain unauthorized access to sensitive information or perform actions with insufficient authorization by...
GHSA-69X3-G4R3-P962 Blocklist Bypass possible via ECDSA Signature Malleability
Impact: When using P256 certificates, which is not the default configuration, it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA signature malleability to produce a copy of the certificate with a different fingerprint. In order for this to affect a...
CVE-2016-10831
cPanel before 55.9999.141 does not perform a two-factor authentication check when possessing another account (SEC-101)...
Babylon's BIP322 signature implementation is not fully compliant with the spec
Summary: The BIP-322 signature verification does not enforce the SIGHASH value to be SIGHASH_ALL, and therefore does not strictly follow the spec. Impact: Non-compliant BIP-322 signatures in proofs of possession can be accepted by the chain...
EUVD-2016-7555
Malware in sbrugna...
EUVD-2020-1971
Malware in sbrugna...
Duende IdentityServer Authorization Issue Vulnerability
Duende IdentityServer is a Duende open source, standards-compliant OpenID Connect and OAuth 2.x framework for ASP.NET Core. An authorization issue vulnerability exists in Duende IdentityServer version 7.0.0 and earlier, which stems from insufficient validation performed by the local API...
PT-2024-33666 · Duende · Duende Identityserver
Name of the Vulnerable Software and Affected Versions: Duende IdentityServer versions 7.0.0 through 7.0.7 Description: The local API authentication handler in Duende IdentityServer performs insufficient validation of the cnf claim in DPoP access tokens. This allows an attacker to use leaked DPoP...
CVE-2022-29054
A missing cryptographic steps vulnerability (CWE-325) in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it...
CVE-2022-2888 Insufficient Session Expiration in octoprint/octoprint
If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists...
Protect
A missing cryptographic steps vulnerability (CWE-325) in the functions that encrypt keytab values in FortiOS & FortiProxy may allow an attacker in possession of the encrypted secret to decipher it...
Hardware-grade enterprise authentication without hardware: new SIM security solution for IAM
The average cost of a data breach, according to the latest research by IBM, now stands at USD 4.24 million, the highest reported. The leading cause? Compromised credentials, often caused by human error. Although these findings continue to show an upward trend in the wrong direction, the challenge...
FBI Analyst Charged With Stealing Counterterrorism and Cyber Threat Info
The U.S. Department of Justice (DoJ) indicted an employee of the Federal Bureau of Investigation (FBI) for illegally removing numerous national security documents and willfully retaining them at her personal residence during a 13-year period from June 2004 to December 2017. The federal indictment...
Bomb Threat, DDoS Purveyor Gets Eight Years
A 22-year-old North Carolina man has been sentenced to nearly eight years in prison for conducting bomb threats against thousands of schools in the U.S. and United Kingdom, running a service that launched distributed denial-of-service (DDoS) attacks, and for possessing sexually explicit images of...
Man pleads guilty to hacking Nintendo & possession of child pornography
By Waqas. The hacker has pleaded guilty to hacking into Nintendo Co. LTD's servers and stealing proprietary information. This is a post from HackRead.com. Read the original post: Man pleads guilty to hacking Nintendo & possession of child pornography...
Man arrested for possession of 58 terabytes of child sexual abuse material
By Carolina. On May 15th, 2018, a man from Allen city, Texas... This is a post from HackRead.com. Read the original post: Man arrested for possession of 58 terabytes of child sexual abuse material...