362 matches found
CVE-2026-41470 LIVE555 < 2026.04.22 RTSP Server Authorization Bypass via Session Token
LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...
GHSA-X7MM-9VVV-64W8 unhead: Streaming SSR `streamKey` injected into inline script without identifier validation
Summary: createStreamableHead streamKey interpolated its streamKey argument directly into the streaming SSR bootstrap and suspense-chunk inline scripts without identifier validation or escaping. If an application forwards untrusted data into that configuration value, the rendered scripts become a...
Wowza Media Systems Wowza Streaming Engine Cross-Site Request Forgery Vulnerability
Wowza Media Systems Wowza Streaming Engine is a powerful, customizable, and scalable media server software developed by Wowza Media Systems. It enables reliable streaming of high-quality video and audio to any device. Version 4.5.0 of Wowza Streaming Engine contains a cross-site request forgery...
BIT-MASTODON-2025-62176 Mastodon streaming server allows OAuth clients without the `read` scope to subscribe to public channels
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...
CVE-2025-62176
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...
EUVD-2025-34111
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...
CVE-2025-62176
Summary: The Mastodon streaming server vulnerability CVE-2025-62176 allows OAuth clients lacking the read:statuses scope to subscribe to public timelines by using any valid authentication token. Affected versions: prior to 4.4.6, 4.3.14, and 4.2.27. Root cause: streaming server accepts events ...
CVE-2025-62176 Mastodon streaming server allows OAuth clients without the `read` scope to subscribe to public channels
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...
EUVD-2003-1404
Malware in sbrugna...
EUVD-2003-0415
Malware in sbrugna...
EUVD-2004-0823
Malware in sbrugna...
EUVD-2003-0048
Malware in sbrugna...
EUVD-2003-0417
Malware in sbrugna...
EUVD-2006-1460
Malware in sbrugna...
EUVD-2004-0169
Malware in sbrugna...
EUVD-2003-0047
Malware in sbrugna...
EUVD-2005-2196
Malware in sbrugna...
EUVD-2006-1459
Malware in sbrugna...
EUVD-2003-0496
Malware in sbrugna...