The vulnerability in the x509_main function of the apps/x509.c module in the OpenSSL library allows a attacker to replace the trusted certificate.

The vulnerability of the x509main function in the apps/x509.c module of the OpenSSL library is related to errors in the certificate validation process. Exploiting this vulnerability could allow an attacker to replace the trusted certificate...

Machine Learning Models Have a Supply Chain Problem

Powerful machine learning ML models are now readily available online, which creates exciting possibilities for users who lack the deep technical expertise or substantial computing resources needed to develop them. On the other hand, this type of open ecosystem comes with many risks. In this paper...

USN-7525-2 Tomcat vulnerability

USN-7525-1 fixed CVE-2025-24813 for tomcat9 in Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. This update fixes it for tomcat9 in Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.10. These versions include only the tomcat library libtomcat9-java and not the full tomcat server stack...

CVE-2025-4053

The data stored in Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can create a master key card that unlocks all the locks in the building. This issue affects all Be-Tech Mifare Classic card systems. To fix the...

CVE-2025-4053 Unauthorized creation of master key in Mifare Classic Be-Tech cards

The data stored in Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can create a master key card that unlocks all the locks in the building. This issue affects all Be-Tech Mifare Classic card systems. To fix the...

CVE-2025-4053

Be-Tech Mifare Classic card systems are affected. The root cause is that data stored on the Mifare Classic cards is in cleartext, enabling an attacker with a guest card to craft a master key card that can unlock all locks in the building. Affected component: Be-Tech Mifare Classic cards and assoc...

uri: userinfo leakage in URI#join, URI#merge and URI#+

A flaw was found in the URI ruby gem package, where userinfo leakage can occur in the uri gem. The methods URIjoin, URImerge, and URI+ retained userinfo, such as user:password, even after the host is replaced. When generating a URL to a malicious host from a URL containing secret userinfo using...

CVE-2024-40547

PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace...

CVE-2024-23187

Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the users account. Exploiting the vulnerability requires user interaction. Please...

CVE-2024-54099

File replacement vulnerability on some devices Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality...

CVE-2024-22410

Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute...

CVE-2023-26918

Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:F access...

CVE-2023-5347

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01...

CVE-2023-28804

An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105...

CVE-2023-20940

In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2023-30024

The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the original software with a malicious version, leading to ransomware deployment on the host computer...

CVE-2022-24075

Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files...

CVE-2022-23742

Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links...

CVE-2021-32949

An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an existing file with a malicious file...

CVE-2021-21739

A ZTE's product of the transport network access layer has a security vulnerability. Because the system does not sufficiently verify the data reliability, attackers could replace an authenticated optical module on the equipment with an unauthenticated one, bypassing system authentication and...