Lucene search
K

4 matches found

Snyk
Snyk
added 2026/04/27 12:14 p.m.5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes throug the CamelCoapResource.handleRequest function. An attacker can execute arbitrary operating system commands by injecting specially crafted CoAP URI quer...

10CVSS6.6AI score0.06157EPSS
Exploits2References2
OSV
OSV
added 2026/02/04 7:40 p.m.6 views

CVE-2026-25160 Alist has Insecure TLS Config

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle MitM attacks. This...

9.1CVSS5.2AI score0.00234EPSS
Exploits1References4
OSV
OSV
added 2025/09/24 7:21 p.m.6 views

GO-2025-3966 Dragonfly's manager makes requests to external endpoints with disabled TLS authentication in d7y.io/dragonfly

Dragonfly's manager makes requests to external endpoints with disabled TLS authentication in d7y.io/dragonfly...

6.9CVSS7.1AI score0.00159EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.5 views

Dragonfly 信任管理问题漏洞

Dragonfly is an open source framework from DragonflyDB that allows dynamic processing of any content type. A trust management issue vulnerability exists in Dragonfly versions prior to 2.1.0 that stems from disabling TLS certificate validation, which could lead to man-in-the-middle attacks and...

6.9CVSS8.6AI score0.00159EPSS
Exploits0References2
Rows per page
Query Builder