7 matches found

RedhatCVE
added 2025/10/15 1:45 p.m., 3 views

CVE-2025-41705

An unauthenticated remote attacker MITM can intercept the websocket messages to gain access to the login credentials for the Webfrontend...

CVSS 6.8, AI score 7.3, EPSS 0.00038
Exploits: 0, References: 1
Vulnrichment
added 2025/10/14 8:5 a.m., 2 views

CVE-2025-41705 Phoenix Contact: WebSocket Message Interception Leaks Webfrontend Credentials

An unauthenticated remote attacker MITM can intercept the websocket messages to gain access to the login credentials for the Webfrontend...

CVSS 6.8, AI score 6.9, EPSS 0.00038
Exploits: 0, References: 1
Cvelist
added 2025/10/14 8:5 a.m., 7 views

CVE-2025-41705 Phoenix Contact: WebSocket Message Interception Leaks Webfrontend Credentials

An unauthenticated remote attacker MITM can intercept the websocket messages to gain access to the login credentials for the Webfrontend...

CVSS 6.8, EPSS 0.00038
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-7070

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00199
Exploits: 1, References: 2
Github Security Blog
added 2023/11/27 5:25 p.m., 22 views

Uptime Kuma Authenticated remote code execution via TailscalePing

Summary: The runTailscalePing method of the TailscalePing class injects the hostname parameter inside a shell command, leading to a command injection and the possibility to run arbitrary commands on the server. Details: When adding a new monitor on Uptime Kuma, we can select the "Tailscale Ping"...

AI score 8.2
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2023/07/17 12:0 a.m., 2 views

Mattermost Trust Management Issue Vulnerability

Mattermost is an open source collaboration platform from US-based Mattermost. A security vulnerability exists in Mattermost iOS that stems from a failure to properly validate server certificates when initializing a TLS connection, allowing an attacker to intercept WebSockets connections...

CVSS 8.1, AI score 7.7, EPSS 0.00288
Exploits: 0, References: 2
Veracode
added 2020/10/05 3:55 a.m., 15 views

Authorization Bypass

socket.io-file is vulnerable to authorization bypass. The validation for valid file types happens on the client-side and allows an attacker to intercept the Websocket request post-validation and alter the name value to upload any file types...

CVSS 7.8, AI score 2.5, EPSS 0.00654
Exploits: 0, References: 4, Affected Software: 1