Lucene search
K

16 matches found

Github Security Blog
Github Security Blog
added 2026/06/19 8:46 p.m.6 views

CoreWCF: WS-Security signature substitution via document-wide Signature lookup

Impact An unauthenticated remote attacker who can place a SOAP header lexically before wsse:Security can embed a ds:Signature of their choosing inside that header and cause the server to verify the attacker-supplied signature instead of the one carried in the security header. Preconditions...

5.9CVSS5.9AI score0.00238EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/19 8:46 p.m.12 views

GHSA-JC6X-RJ79-W4MX CoreWCF: WS-Security signature substitution via document-wide Signature lookup

Impact An unauthenticated remote attacker who can place a SOAP header lexically before wsse:Security can embed a ds:Signature of their choosing inside that header and cause the server to verify the attacker-supplied signature instead of the one carried in the security header. Preconditions...

5.9CVSS5.9AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 8:46 p.m.6 views

Improper Verification of Cryptographic Signature

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature...

8.2CVSS5.9AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-51070

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description WS-Security signature verification performs a document-wide ds:Signature lookup. An unauthenticated remote attacker can place a SOAP header before wsse:Security and...

5.9CVSS6AI score0.00238EPSS
Exploits0References12
Packet Storm News
Packet Storm News
added 2026/04/16 12:0 a.m.6 views

Too Private to Tell: Practical Token Theft Attacks on Apple Intelligence

Apple Intelligence is a generative AI GenAI service provided by Apple on its devices. While offering a similar set of features as other similar GenAI services, Apple Intelligence is claimed to be designed with an extra focus on user security and privacy through a two-stage authentication and...

5.6AI score
Exploits0
OSV
OSV
added 2026/03/16 3:14 p.m.2 views

GHSA-5H2M-4Q8J-PQPJ FastMCP OAuth Proxy token reuse across MCP servers

While testing the OAuth Proxy implementation, it was noticed that the server does not properly respect the resource parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for this MCP server, the token is issued for the baseurl passed to...

7.4CVSS5.9AI score0.00358EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-31752

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00308EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/01 12:42 a.m.18 views

CVE-2025-56676

TitanSystems Zender v3.9.7 contains an account takeover vulnerability in its password reset functionality. A temporary password or reset token issued to one user can be used to log in as another user, due to improper validation of token-user linkage. This allows remote attackers to gain...

5.4CVSS7.3AI score0.00308EPSS
Exploits0References1
NVD
NVD
added 2025/09/30 4:15 p.m.9 views

CVE-2025-56676

TitanSystems Zender v3.9.7 contains an account takeover vulnerability in its password reset functionality. A temporary password or reset token issued to one user can be used to log in as another user, due to improper validation of token-user linkage. This allows remote attackers to gain...

5.4CVSS0.00308EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.7 views

PT-2025-40002

Name of the Vulnerable Software and Affected Versions TitanSystems Zender version 3.9.7 Description TitanSystems Zender version 3.9.7 has an account takeover issue in its password reset feature. A temporary password or reset token for one user can be used to log in as another user because of...

5.4CVSS7AI score0.00308EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/09/30 12:0 a.m.4 views

CVE-2025-56676

TitanSystems Zender v3.9.7 contains an account takeover vulnerability in its password reset functionality. A temporary password or reset token issued to one user can be used to log in as another user, due to improper validation of token-user linkage. This allows remote attackers to gain...

7AI score0.00308EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/03/16 12:0 a.m.4 views

NATS Server 访问控制错误漏洞

NATS Server is an open source messaging system. The system is mainly used for cloud-native applications, IoT messaging and microservices architecture. An access control error vulnerability exists in NATS Server 2.x before 2.2.0 and JWT library before 2.0.1, which stems from improper handling of...

7.5CVSS5.5AI score0.0146EPSS
Exploits1References2
Microsoft KB
Microsoft KB
added 2021/02/16 12:0 a.m.6 views

February 16, 2021-KB4601383 (OS Build 17763.1790) Preview

None None...

9CVSS6.8AI score0.13794EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2018/08/14 7:0 a.m.114 views

August 14, 2018—KB4343897 (OS Build 16299.611)

None None...

9.3CVSS6.8AI score0.73968EPSS
Exploits14
Microsoft KB
Microsoft KB
added 2018/08/14 7:0 a.m.94 views

August 14, 2018—KB4343892 (OS Build 10240.17946)

None None...

9.3CVSS6.8AI score0.68242EPSS
Exploits14
Microsoft KB
Microsoft KB
added 2018/08/14 7:0 a.m.55 views

August 14, 2018—KB4343885 (OS Build 15063.1266)

None None...

9.3CVSS6.8AI score0.73968EPSS
Exploits14
Rows per page
Query Builder