EUVD-2023-0106

Malicious code in bioql PyPI...

EUVD-2022-42401

Malicious code in bioql PyPI...

CVE-2024-12093

An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions...

CVE-2025-30116

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. It allows remote attackers to access and download recorded video footage from the SD card via port 9091. Additionally, attackers can connect to port 90...

CVE-2025-24895 SAML Response Signature Verification Bypass in CIE.AspNetCore.Authentication

CIE.AspNetCore.Authentication is an AspNetCore Remote Authenticator for CIE 3.0. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: 1. Identity Provider IDP: the system that authenticates users and provides identity information SAML affirmation to the...

CVE-2023-49944

The Challenge Response feature of BeyondTrust Privilege Management for Windows PMfW before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature...

CVE-2023-49944

The Challenge Response feature of BeyondTrust Privilege Management for Windows PMfW before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature...

BeyondTrust Privilege Management Security Vulnerability

BeyondTrust Privilege Management is the BeyondTrust Privilege Management tool for Windows and Mac SaaS from BeyondTrust USA. A security vulnerability exists in BeyondTrust Privilege Management for Windows PMfW versions prior to 2023-07-14. An attacker could use this vulnerability to bypass the Po...

Keylime: challenge-response protocol bypass during agent registration

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimat...

SUSE CVE-2023-38201

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimat...

PYSEC-2023-160

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimat...

PT-2023-26334 · Keylime +3 · Keylime +3

Name of the Vulnerable Software and Affected Versions: Keylime versions prior to 7.5.0 Description: A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide t...

SUSE CVE-2022-39957

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...

OESA-2022-1970 mod_security_crs security update

The base rules are provided for modsecurity by this package. Security Fixes: The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range...

UBUNTU-CVE-2022-39957

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...

PT-2022-25145 · Owasp +1 · Owasp Modsecurity Core Rule Set +1

Name of the Vulnerable Software and Affected Versions: OWASP ModSecurity Core Rule Set CRS versions 3.0.x through 3.3.2 Description: The issue allows for a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field...

PT-2022-25144 · Owasp +1 · Owasp Modsecurity Core Rule Set +1

Name of the Vulnerable Software and Affected Versions: OWASP ModSecurity Core Rule Set CRS versions 3.0.x through 3.3.2 Description: The issue concerns a response body bypass in the OWASP ModSecurity Core Rule Set CRS. A client can exploit this by issuing an HTTP Accept header field with an...

CVE-2022-39957 Response body bypass in OWASP ModSecurity Core Rule Set via a specialy crafted charset in the HTTP Accept header

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...

Cisco IOS XE Software Challenge/Response Bypass Vulnerability

A vulnerability in the request system shell command supported by specific Cisco IOS XE platforms WS-C3850, WS-C3650, AIR-CT5760, and WS-C4500X could allow an authenticated, local attacker with administrative privilege 15 to access the underlying Linux root shell. The vulnerability is due to...