125 matches found
Node.js: TLS host identity verification bypass via session reuse with different servername leads to unauthorized connections
Vulnerability description not provided...
PT-2026-4301
Name of the Vulnerable Software and Affected Versions: EVMAPA (affected versions not specified). Description: A missing authentication mechanism in a WebSocket endpoint allows unauthorized access to sensitive data and potential privilege escalation. Attackers can establish connections without...
CVE-2025-23206
The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use the IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow...
CVE-1999-0160
Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections...
CVE-1999-0526
An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server...
CVE-1999-0017
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce...
CVE-2024-2215
A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...
PT-2026-1835
Name of the Vulnerable Software and Affected Versions: MicroServer (affected versions not specified). Description: An unused function in MicroServer can initiate a reverse SSH connection to a vendor-registered domain without mutual authentication. An attacker with local network access and administrati...
CVE-2025-65842
The Aquarius HelperTool 1.0.003 privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights...
CVE-2025-59460
The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections...
CVE-2025-59460 Unsecure access configuration
The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections...
EUVD-2025-36150
The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections...
CVE-2025-59460
Technical details about CVE-2025-59460 are not publicly available in the provided documents. Monitor for updates.
EUVD-2021-21441
Malware in sbrugna...
EUVD-2018-1307
Malware in sbrugna...
EUVD-2006-6452
Malware in sbrugna...
EUVD-1999-0160
Malware in sbrugna...
EUVD-2004-0155
Malware in sbrugna...
EUVD-2014-3264
Malware in sbrugna...