33 matches found

Vulnrichment
added 2026/04/21 5:14 p.m., 2 views

CVE-2026-40594 pyLoad: Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the setsessioncookiesecure beforerequest handler in src/pyload/webui/app/init.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted prox...

4.8 CVSS, 5.8 AI score, 0.00011 EPSS
Exploits 1, References 1
Debian CVE
added 2026/04/08 1:6 a.m., 9 views

CVE-2026-33810

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...

8.2 CVSS, 5.3 AI score, 0.00013 EPSS
Exploits 0
CNNVD
added 2026/03/31 12:0 a.m., 3 views

OpenClaw Security Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. A security vulnerability exists in OpenClaw that stems from automatically discovering and loading plugins from .OpenClaw/extensions/ without explicit trust validation, which can be exploited by an attacker to cause arbitrar...

8.8 CVSS, 6.1 AI score, 0.00017 EPSS
Exploits 0, References 2
Veracode
added 2026/01/27 1:16 p.m., 3 views

Sensitive Information Disclosure

@anthropic-ai/claude-code is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper trust validation during the project-load flow, which allows an attacker to supply a malicious repository configuration that redirects API requests to an attacker-controlled endpoint a...

7.5 CVSS, 5.9 AI score, 0.00033 EPSS
Exploits 1, References 2, Affected Software 1
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2009-3457

Malware in sbrugna...

7.5 CVSS, 6.1 AI score, 0.0036 EPSS
Exploits 0, References 7
SUSE CVE
added 2025/09/17 11:25 p.m., 1 view

SUSE CVE-2025-9708

A vulnerability exists in the Kubernetes C client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially...

6.8 CVSS, 6.9 AI score, 0.00026 EPSS
Exploits 0, References 3
OSV
added 2025/09/16 10:15 p.m., 0 views

CVE-2025-9708

A vulnerability exists in the Kubernetes C client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially...

6.8 CVSS, 5.8 AI score, 0.00026 EPSS
Exploits 0, References 3
CNNVD
added 2024/08/22 12:0 a.m., 1 view

Kashipara Hotel Management System Security Vulnerability

Kashipara Hotel Management System is a hotel management system from Kashipara. A cross-site request forgery vulnerability exists in Kashipara Hotel Management System v1.0, which can be exploited by an attacker to forge a malicious request and trick a victim into clicking on it to perform a...

6.8 CVSS, 6.8 AI score, 0.00131 EPSS
Exploits 1, References 3
Tenable Nessus
added 2024/06/03 12:0 a.m., 9 views

RHEL 8 : libreoffice (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libreoffice: Incorrect trust validation of signature with ambiguous KeyInfo children CVE-2021-25636 -...

7.8 CVSS, 8.3 AI score, 0.01322 EPSS
Exploits 0, References 6
OSV
added 2023/05/10 6:15 a.m., 0 views

CVE-2023-23901

Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the...

6.5 CVSS, 5.8 AI score
Exploits 0, References 6
Amazon
added 2023/02/21 12:0 a.m., 69 views

Important: ca-certificates

Issue Overview: Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from...

7.5 CVSS, 6.8 AI score, 0.00067 EPSS
Exploits 0
RedHat Linux
added 2022/11/08 9:19 a.m., 19 views

Moderate: Red Hat Security Advisory: libreoffice security update

An update for libreoffice is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...

7.5 CVSS, 7.4 AI score, 0.0022 EPSS
Exploits 0, References 3
OSV
added 2022/11/08 6:20 a.m., 18 views

RLSA-2022:7461 Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

6.2 CVSS, 7.6 AI score, 0.0022 EPSS
Exploits 0, References 2
AlmaLinux
added 2022/11/08 12:0 a.m., 21 views

Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

7.5 CVSS, 7.6 AI score, 0.0022 EPSS
Exploits 0, References 4
Tenable Nessus
added 2022/11/08 12:0 a.m., 13 views

RHEL 8 : libreoffice (RHSA-2022:7461)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7461 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a...

7.5 CVSS, 7.7 AI score, 0.0022 EPSS
Exploits 0, References 6
OSV
added 2022/11/08 12:0 a.m., 19 views

ALSA-2022:7461 Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

7.5 CVSS, 7.6 AI score, 0.0022 EPSS
Exploits 0, References 4
Kaspersky
added 2022/02/22 12:0 a.m., 26 views

KLA12465 Security vulnerability in LibreOffice

Security vulnerability was found in LibreOffice. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories Incorrect trust validation of signature with ambiguous KeyInfo children Related products LibreOffice CVE list CVE-2021-25636 critical Solution Updat...

7.5 CVSS, 7.7 AI score, 0.0022 EPSS
Exploits 0, References 3
CNVD
added 2020/02/11 12:0 a.m., 3 views

Adive Framework Cross-Site Request Forgery Vulnerability

Adive Framework is a PHP-based MySQL database management framework. A cross-site request forgery vulnerability exists in Adive Framework. The vulnerability stems from a web application that does not adequately validate that a request is coming from a trusted user. An attacker could exploit this...

8.8 CVSS, 6.8 AI score, 0.00311 EPSS
Exploits 5, References 1
Schneier on Security
added 2020/01/15 12:38 p.m., 92 views

Critical Windows Vulnerability Discovered by NSA

Yesterday's Microsoft Windows patches included a fix for a critical vulnerability in the system's crypto library. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a...

5.8 CVSS, 0.2 AI score, 0.94093 EPSS
Exploits 14
CNVD
added 2020/01/07 12:0 a.m., 1 view

ovirt-engine-sdk-python trust management issue vulnerability

ovirt-engine-sdk-python is a Python-based package that provides access to the oVirt Engine API. A trust management issue vulnerability exists in ovirt-engine-sdk-python versions prior to 3.4.0.7 and prior to 3.5.0.4, which stems from the program's failure to validate that the hostname of a remote endpoi...

5.9 CVSS, 6.7 AI score, 0.00104 EPSS
Exploits 0, References 1