Lucene search

6 matches found

Cvelist
added 3 days ago · 38 views

CVE-2026-9221 Setracker2 Children's Smartwatch Ecosystem Use of a Broken or Risky Cryptographic Algorithm

The Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the...

CVSS 8.7 · EPSS 0.00161
Exploits: 0 · References: 1
CVE
added 4 days ago · 10 views

CVE-2026-45677

Summary (CVE-2026-45677): Rocket.Chat prior to versions 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11 fails to verify the signature on inbound SAML LogoutRequest messages. This allows an unauthenticated remote attacker who knows a target user’s SAML NameID (commonly the user’s ema...

CVSS 8.7 · AI score 6 · EPSS 0.00451
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2024-2839

Malicious code in bioql PyPI...

CVSS 5.8 · AI score 6.4 · EPSS 0.14121
Exploits: 0 · References: 5
CNNVD
added 2024/09/12 12:00 a.m. · 2 views

whatsapp-api-js data forgery vulnerability

whatsapp-api-js is a server-agnostic TypeScript framework for the official WhatsApp API, by individual developer Tomás Raiti. A data forgery vulnerability exists in versions of whatsapp-api-js prior to 4.0.3, which stems from incorrectly returning false for a valid signature when using the...

CVSS 5.8 · AI score 6.4 · EPSS 0.14121
Exploits: 0 · References: 4
Positive Technologies
added 2024/09/12 12:00 a.m. · 5 views

PT-2024-31706 · Unknown · Whatsapp-Api-Js

Name of the Vulnerable Software and Affected Versions: whatsapp-api-js versions prior to 4.0.3 Description: The issue concerns Incorrect Access Control in the whatsapp-api-js framework, impacting anyone using the post or verifyRequestSignature methods to handle messages. It is possible to check t...

CVSS 5.8 · AI score 7.2 · EPSS 0.14121
Exploits: 0 · References: 11
Hacker One
added 2018/10/18 10:35 a.m. · 27 views

Gatecoin: API request signature can be reused with other parameters/data than the original in certain cases

If an attacker can intercept/see an API request from a client whose system clock is slightly ahead of the server time, then the attacker can re-use the API request signature towards the same URL but with a different payload. This can, for some of the endpoints, lead to serious vulnerabilitie...

Exploits: 0