13 matches found
EUVD-2026-37769
undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse...
CVE-2026-6733 undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse
Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...
EUVD-2026-11705
Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS...
CVE-2025-65827
The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over HTTP. As a result, an adversary located "upstream" can intercept the traffic, inspect its contents, and modify the requests in transit. TThis may result in a total compromise o...
CVE-2025-65830
Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt the TLS traffic, inspect its contents, and modify the requests in transit. This may result in a total compromise of the user's account if t...
EUVD-2025-202618
The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over HTTP. As a result, an adversary located "upstream" can intercept the traffic, inspect its contents, and modify the requests in transit. TThis may result in a total compromise o...
CVE-2025-65827
The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over HTTP. As a result, an adversary located "upstream" can intercept the traffic, inspect its contents, and modify the requests in transit. TThis may result in a total compromise o...
CVE-2025-65830
Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt the TLS traffic, inspect its contents, and modify the requests in transit. This may result in a total compromise of the user's account if t...
CVE-2025-65830
Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt the TLS traffic, inspect its contents, and modify the requests in transit. This may result in a total compromise of the user's account if t...
CVE-2025-65830
Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt the TLS traffic, inspect its contents, and modify the requests in transit. This may result in a total compromise of the user's account if t...
PT-2025-50538
Name of the Vulnerable Software and Affected Versions Mobile application affected versions not specified Description A missing certificate validation allows an attacker positioned upstream to intercept and decrypt TLS traffic from the mobile application. This interception enables the attacker to...
CVE-2025-65830
CVE-2025-65830 describes a vulnerability in the Meatmeet Pro App where missing certificate validation enables a man-in-the-middle attack on TLS traffic. Upstream attackers could decrypt, inspect, and modify requests, potentially leading to full account compromise if active authentication tokens a...
CVE-2025-65827
The CVE describes a mobile application configured to allow clear text traffic to all domains and to communicate with its API server over HTTP. The underlying issue is that traffic can be intercepted and modified by an upstream adversary, potentially leading to a total compromise of a user’s accou...