4 matches found
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes throug the CamelCoapResource.handleRequest function. An attacker can execute arbitrary operating system commands by injecting specially crafted CoAP URI quer...
CVE-2026-25160 Alist has Insecure TLS Config
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle MitM attacks. This...
GO-2025-3966 Dragonfly's manager makes requests to external endpoints with disabled TLS authentication in d7y.io/dragonfly
Dragonfly's manager makes requests to external endpoints with disabled TLS authentication in d7y.io/dragonfly...
Dragonfly 信任管理问题漏洞
Dragonfly is an open source framework from DragonflyDB that allows dynamic processing of any content type. A trust management issue vulnerability exists in Dragonfly versions prior to 2.1.0 that stems from disabling TLS certificate validation, which could lead to man-in-the-middle attacks and...