
22 matches found

RedhatCVE
added 2026/05/20 4:3 p.m., 14 views

CVE-2026-41470

A flaw was found in LIVE555. This authorization bypass vulnerability in the Real-Time Streaming Protocol (RTSP) session command handling allows a remote attacker to replay valid session tokens from unauthenticated connections. An attacker who obtains a valid session token can issue commands without...

CVSS 8.2, AI score 5.8, EPSS 0.00486
Exploits: 0, References: 2
RedHat Linux
added 2026/05/19 1:24 p.m., 9 views

p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters

A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potential...

CVSS 7.5, AI score 5.8, EPSS 0.01129
Exploits: 0, References: 5
OSSF Malicious Packages
added 2026/05/12 7:43 a.m., 11 views

Malicious code in crazehub (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53d37c0e75f63e9da7adcc1f71f8b67a665d080342df6857a15dadc297e4f075 crazehub/__init__.py performs multiple user-hostile actions at import time. Lines 2-3 unconditionally run os.system("pip install phonenumbers") and...

AI score 6
Exploits: 0, References: 1
OSV
added 2026/05/12 7:43 a.m., 10 views

MAL-2026-3687 Malicious code in crazehub (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53d37c0e75f63e9da7adcc1f71f8b67a665d080342df6857a15dadc297e4f075 crazehub/__init__.py performs multiple user-hostile actions at import time. Lines 2-3 unconditionally run os.system("pip install phonenumbers") and...

AI score 6
Exploits: 0, References: 1
EUVD
added 2026/03/26 9:31 p.m., 5 views

EUVD-2026-16336

A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potential...

CVSS 5.3, AI score 5.8, EPSS 0.01129
Exploits: 0, References: 3
Cvelist
added 2026/03/26 8:1 p.m., 31 views

CVE-2026-2100 P11-kit: null dereference via c_derivekey with specific null parameters

A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potential...

CVSS 5.3, EPSS 0.01129
Exploits: 0, References: 9
ATTACKERKB
added 2026/03/26 8:1 p.m., 2 views

CVE-2026-2100

A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potential...

CVSS 7.5, AI score 5.8, EPSS 0.01129
Exploits: 0, References: 10
CVE
added 2026/03/26 8:1 p.m., 24 views

CVE-2026-2100

CVE-2026-2100 – p11-kit : A flaw allows a remote attacker to trigger a NULL dereference by calling C_DeriveKey on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL, potentially causing an application-level denial of service or other undefined states. Public...

CVSS 7.5, AI score 5.8, EPSS 0.01129
Exploits: 0, References: 9, Affected Software: 3
EUVD
added 2026/03/16 3:30 p.m., 5 views

EUVD-2026-12231

A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redirect.asp of the component goahead. The manipulation of the argument tokenid leads to improper access controls. The attack may be initiated remotely. The exploit is publicly...

CVSS 7.5, AI score 5.5, EPSS 0.01357
Exploits: 1, References: 6
CNNVD
added 2026/03/09 12:0 a.m., 4 views

Security vulnerabilities in multiple MBS products

MBS UBR-01 Mk II, etc., are products of the German MBS company. The MBS UBR-01 Mk II is a remote base station device. The MBS UBR-02 is also a remote base station device. The MBS UBR-LON is a communication interface device for industrial automation systems. Several MBS products have security...

CVSS 7.5, AI score 5.9, EPSS 0.00318
Exploits: 0, References: 2
RedhatCVE
added 2026/01/09 11:28 a.m., 5 views

CVE-2021-33709

A vulnerability has been identified in Teamcenter Active Workspace V4 All versions V4.3.9, Teamcenter Active Workspace V5.0 All versions V5.0.7, Teamcenter Active Workspace V5.1 All versions V5.1.4. By sending malformed requests, a remote attacker could leak an application token due to an error n...

CVSS 4.3, AI score 6.8, EPSS 0.00897
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 12 views

EUVD-2025-23878

Malicious code in bioql (PyPI)...

CVSS 6.5, AI score 6.5, EPSS 0.00406
Exploits: 2, References: 2
OSV
added 2025/07/18 4:15 p.m., 5 views

CVE-2025-7789

A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with...

CVSS 6.3, AI score 6
Exploits: 0, References: 4
OSV
added 2025/05/13 10:15 a.m., 3 views

CVE-2025-40566

A vulnerability has been identified in SIMATIC PCS neo V4.1 All versions V4.1 Update 3, SIMATIC PCS neo V5.0 All versions V5.0 Update 1. Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session...

CVSS 9.8, AI score 5.8, EPSS 0.00374
Exploits: 0, References: 1
CVE
added 2024/12/18 6:18 a.m., 62 views

CVE-2024-1610

The vulnerability CVE-2024-1610 affects the OPPO Store App. Connected PT-2024-18170 documents indicate the issue is an escalation of privilege due to improper input validation, specifically impacting OPPO Store App version 4.32.1. Root cause: improper input validation that could allow higher acce...

CVSS 9.8, AI score 7, EPSS 0.0067
Exploits: 0, References: 1
CNVD
added 2024/07/04 12:0 a.m., 22 views

Mattermost Improper Authorization Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an improper authorization vulnerability. An attacker could exploit the vulnerability to cause a remote cluster token to be retrieved via a timing attack during a remote cluster...

CVSS 8.1, AI score 6.7, EPSS 0.00379
Exploits: 0, References: 1
OSV
added 2024/02/13 8:16 a.m., 1 view

CVE-2024-22454

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromise...

CVSS 8.8, AI score 5.8
Exploits: 0, References: 1
SUSE CVE
added 2023/02/15 5:59 a.m., 3 views

SUSE CVE-2010-1324

MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredRe...

CVSS 3.7, AI score 7.5, EPSS 0.02253
Exploits: 0, References: 6
SUSE CVE
added 2023/02/15 5:4 a.m., 1 view

SUSE CVE-2016-3956

The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers...

CVSS 7.5, AI score 6.8, EPSS 0.06748
Exploits: 0, References: 3
BDU FSTEC
added 2020/07/03 12:0 a.m., 4 views

The vulnerability of the Microsoft Visual Studio Code Live Share Extension, related to the lack of data protection for service data, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Microsoft Visual Studio Code Live Share Extension relates to the lack of protection for service data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information by intercepting tokens from the client to...

CVSS 5.9, AI score 6.8, EPSS 0.02826
Exploits: 0, References: 2