396 matches found
CVE-2026-32847
DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in newui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /fullpath:path endpoint. Attackers can bypass Starlette's...
CVE-2026-32847 DeepCode 1.2.0 Path Traversal via SPA Catch-All Route in main.py
DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in newui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /fullpath:path endpoint. Attackers can bypass Starlette's...
CVE-2026-48697
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tls_client mode and calls set_default_verify_paths to load CA certificates, but never calls...
Astra Linux – Vulnerability in Twisted
In words.protocols.jabber.xmlstream in Twisted through version 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to intercept connections...
Astra Linux – Vulnerability in nss, Thunderbird
Versions of NSS (Network Security Services) prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications that use NSS to handle signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be affected. Applications that...
JLSEC-2026-267 Issue summary: A timing side-channel which could potentially allow remote recovery of the private...
Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...
CVE-2026-30795
The CVE concerns the RustDesk Client (rustdesk-client) across Windows, macOS, Linux, iOS, and Android. The vulnerability affects the Heartbeat sync loop modules, specifically the src/hbbs_http/sync.rs code path and the Heartbeat JSON payload construction, where cleartext transmission of sensitive...
CVE-2026-30794 RustDesk HTTP Client Silently Accepts Invalid TLS Certificates After Handshake Failure
Improper Certificate Validation vulnerability in the RustDesk Client (rustdesk-client) on Windows, macOS, Linux, iOS, Android (HTTP API client, TLS transport modules) allows Adversary in the Middle (AiTM). This vulnerability is associated with program files src/hbbs_http/httpclient.rs and...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from nfs_match_client not checking the TLS certificate field, which could lead to client authentication issues...
GO-2025-4224 OpenTofu incorrectly validates excluded subdomain constraint in conjunction with TLS certificates containing wildcard SANs in github.com/opentofu/opentofu
OpenTofu incorrectly validates excluded subdomain constraint in conjunction with TLS certificates containing wildcard SANs in github.com/opentofu/opentofu...
EUVD-2015-0979
Malware in sbrugna...
EUVD-2019-17741
Malware in sbrugna...
EUVD-2007-0399
Malware in sbrugna...
EUVD-2017-17023
Malware in sbrugna...
EUVD-2017-17021
Malware in sbrugna...
EUVD-2020-7219
Malware in sbrugna...
EUVD-2025-0068
Malicious code in bioql PyPI...
EUVD-2023-3160
Malicious code in bioql PyPI...
EUVD-2025-29767
Malicious code in bioql PyPI...
EUVD-2024-30651
Malicious code in bioql PyPI...