Akshay Jain

#9471of 53,633
29.2Total CVSS
Vulnerabilities · 4
Medium
2
High
1
Critical
1
PT-2026-39457
9.1
2026-05-10
Php · Php · CVE-2026-6104
**Name of the Vulnerable Software and Affected Versions** PHP versions 8.4.0 through 8.4.20 PHP versions 8.5.0 through 8.5.5 **Description** An issue exists in the mbstring extension where passing an encoding name containing an embedded NUL byte to certain functions causes the code to incorrectly assume strings are of equal length when `strncasecmp()` returns 0. This can result in an out-of-bounds read of global memory, which may lead to information disclosure or a system crash. Affected functions include `mb convert encoding()`, `mb detect encoding()`, `mb convert variables()`, and `mb detect order()`. Additionally, the `mbstring.detect order` and `mbstring.http output` INI settings are affected. **Recommendations** Update PHP version 8.4.x to 8.4.21. Update PHP version 8.5.x to 8.5.6.
PT-2026-28589
5.8
2026-03-27
Libjwt · Libjwt · CVE-2026-33996
**Name of the Vulnerable Software and Affected Versions** LibJWT versions 3.0.0 through 3.2.9 **Description** LibJWT, a C JSON Web Token Library, has an issue in the RSA-PSS JWK parsing functionality. Versions prior to 3.3.0 do not adequately validate JSON string values, specifically failing to protect against NULL values. A crafted JWK file containing integers where strings are expected can exploit this. It is recommended to avoid importing keys from untrusted sources and to use the `jwk2key` tool to validate JWK files. If possible, avoid using JWK files with RSA-PSS keys. **Recommendations** Update to LibJWT version 3.3.0 or later. As a workaround, do not import keys through a JWK file from untrusted sources. Use the `jwk2key` tool to check the validity of a JWK file. Avoid using JWK files with RSA-PSS keys if possible.
PT-2016-5652
6.8
2016-06-13
Huawei · Huawei Wear App · CVE-2016-3677
**Name of the Vulnerable Software and Affected Versions** Huawei Wear App version prior to 15.0.0.307 **Description** The issue concerns the Huawei Wear App's failure to validate SSL certificates, allowing local users to have an unspecified impact. **Recommendations** For versions prior to 15.0.0.307, update to version 15.0.0.307 or later to resolve the issue.
PT-2016-5804
7.5
2016-06-13
Huawei · Huawei Hilink App · CVE-2016-4005
**Name of the Vulnerable Software and Affected Versions** Huawei Hilink App version prior to 3.19.2 **Description** The issue concerns the Huawei Hilink App's failure to validate SSL certificates, allowing local users to have an unspecified impact. **Recommendations** For versions prior to 3.19.2, update to version 3.19.2 or later to resolve the issue.