27 matches found
ex_webrtc client-role handshake is missing DTLS peer fingerprint validation
Summary Missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with...
Malicious code in uaragifa-ma-sfu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2ce72cb833aa70a4e533f84cddf331ff853fc05a8443952a6c3f25cab5f7eb4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-147270
Malicious code in uaragifa-ma-sfu npm...
EUVD-2025-32233
Malicious code in bioql PyPI...
MAL-2025-47901 Malicious code in odoo-sfu (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6150db474384025ea6979cd2f9cdfcd33735d897541917f74ee49a6d3ee74c71 The OpenSSF Package Analysis project identified 'odoo-sfu' @ 9.0.1 npm as malicious. It is considered malicious because: - The package...
GO-2025-3748 Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS) in github.com/pion/interceptor
Pion Interceptor's improper RTP padding handling allows remote crash for SFU users DoS in github.com/pion/interceptor...
CVE-2025-49140 Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS)
Pion Interceptor is a framework for building RTP/RTCP communication software. Versions v0.1.36 through v0.1.38 contain a bug in an RTP packet factory that can be exploited to trigger a panic in a Pion-based SFU via crafted RTP packets. This only affects users that use pion/interceptor. Users should...
CVE-2025-49140
Pion Interceptor (part of the RTP/RTCP framework) versions 0.1.36–0.1.38 contain a bug in the RTP packet factory that can cause a panic in Pion-based SFUs when handling crafted RTP packets. The issue is mitigated by upgrading to v0.1.39 or later, which adds a validation that padLen > 0 && padLen
Discord Introduces DAVE Protocol for End-to-End Encryption in Audio and Video Calls
Popular social messaging platform Discord has announced that it's rolling out a new custom end-to-end encrypted (E2EE) protocol to secure audio and video calls. The protocol has been dubbed DAVE, short for Discord's audio and video end-to-end encryption ("E2EE A/V"). As part of the change introduced...
CVE-2024-2698
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the checkallowedtodelegate function: If the target service...
UBUNTU-CVE-2024-2698
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the checkallowedtodelegate function: If the target service...
birds.sfu-kras.ru Cross Site Scripting vulnerability OBB-3258454
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
MAL-2023-683 Malicious code in pixelstreaming-sfu (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1390345d3954601dd4e78b036f59a0da6ea0e7df8f7720a3894fd0b4881b628 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview pixelstreaming-sfu is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
cis.milano-sfu.it Cross Site Scripting vulnerability OBB-1205817
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
PKP Open Journal Systems Detection (HTTP)
HTTP-based detection of PKP Open Journal Systems. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
cgi.sfu.ca XSS vulnerability
Open Bug Bounty ID: OBB-216350

| Description | Value |
|---|---|
| Affected Website: | cgi.sfu.ca |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1... |
CVE-2015-6848
EMC Isilon OneFS vulnerability (CVE-2015-6848) affects Isilon 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1. When RFC 2307 is configured but SFU is not universally present, remote authenticated AD users can obtain root privileges via unspecified vectors. The underlying ...