CVE-2026-50269

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing...

CVE-2026-50269 AIOHTTP: CRLF injection in multipart headers

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing...

PT-2026-49564

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.0 Description Attacker-controlled input included in multipart/payload headers can be used to modify a request to inject additional headers or change the request contents. This occurs when an application passes...

One (Thread) Can Keep a (PRNG) Secret, but Not Two

We present a novel, practical attack on the IPv6 Fragment ID generation algorithm of XNU, which is the kernel used by Apple products such as macOS and iOS. This attack exploits a race-condition vulnerability in the algorithm's pseudorandom number generator PRNG to cryptanalytically break, learn t...

CVE-2022-35646

IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IBM X-Force ID: 231096...

CVE-2025-65827

The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over HTTP. As a result, an adversary located "upstream" can intercept the traffic, inspect its contents, and modify the requests in transit. TThis may result in a total compromise o...

CVE-2025-65830

Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt the TLS traffic, inspect its contents, and modify the requests in transit. This may result in a total compromise of the user's account if t...

EUVD-2017-13131

Malware in sbrugna...

EUVD-2021-8692

Malicious code in bioql PyPI...

EUVD-2022-38527

Malicious code in bioql PyPI...

EUVD-2023-0006

Malicious code in bioql PyPI...

CVE-2025-57438

The 2wcom IP-4c 2.15.5 device suffers from a Broken Access Control vulnerability. Certain sensitive endpoints are intended to be accessible only after the admin explicitly grants access to a manager-level account. However, a manager-level user can bypass these controls by intercepting and modifyi...

CVE-2025-57438

The 2wcom IP-4c 2.15.5 device suffers from a Broken Access Control vulnerability. Certain sensitive endpoints are intended to be accessible only after the admin explicitly grants access to a manager-level account. However, a manager-level user can bypass these controls by intercepting and modifyi...

CVE-2025-57438

The 2wcom IP-4c 2.15.5 device suffers from a Broken Access Control vulnerability. Certain sensitive endpoints are intended to be accessible only after the admin explicitly grants access to a manager-level account. However, a manager-level user can bypass these controls by intercepting and modifyi...

PT-2025-38759

Name of the Vulnerable Software and Affected Versions 2wcom IP-4c version 2.15.5 Description The 2wcom IP-4c device version 2.15.5 is subject to a Broken Access Control issue. Manager-level users can bypass intended access restrictions on sensitive endpoints by intercepting and modifying requests...

Linux Distros Unpatched Vulnerability : CVE-2023-49082

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request...

VulnCheck KEV: CVE-2022-39290

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the...

CVE-2024-47653

This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could exploit this vulnerability by placing or cancelling requests through API request body leading to...

CVE-2015-5298

The Google Login Plugin versions 1.0 and 1.1 allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification...

PT-2025-18959 · Unknown · Bluewave Checkmate

Name of the Vulnerable Software and Affected Versions: BlueWave Checkmate versions through 2.0.2 before d4a6072 Description: The issue allows an invite request to be modified to specify a privileged role. Recommendations: For BlueWave Checkmate versions through 2.0.2 before d4a6072, consider...