
2731 matches found

RedHat Linux
added yesterday, 2 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

CVSS 7.5, AI score 7.1, EPSS 0.00621
Exploits: 0, References: 8
RedHat Linux
added 2 days ago, 3 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

CVSS 7.5, AI score 7.1, EPSS 0.00621
Exploits: 0, References: 8
Cvelist
added 6 days ago, 32 views

CVE-2026-57649 WordPress Shoppable Images Lite plugin <= 1.3 - Broken Access Control vulnerability

Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions...

CVSS 4.3, EPSS 0.00213
Exploits: 0, References: 1
EUVD
added 6 days ago, 7 views

EUVD-2026-39764

Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions...

CVSS 4.3, AI score 5.8, EPSS 0.00213
Exploits: 0, References: 1
CVE
added last week, 9 views

CVE-2026-6679

CVE-2026-6679 describes a heap buffer overflow in the DTLS 1.3 ACK serialization path that occurs before the peer is authenticated. The root cause is an integer truncation when computing the length of the ACK record-number list, which leads to an undersized buffer and an overrun. Impact is on wol...

CVSS 8.8, AI score 6.1, EPSS 0.00385
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added last week, 20 views

CVE-2026-6679 DTLS 1.3 ACK serialization heap buffer overflow via integer truncation

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This...

CVSS 8.8, EPSS 0.00385
Exploits: 0, References: 2
Debian CVE
added last week, 5 views

CVE-2026-6679

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This...

CVSS 8.8, AI score 6, EPSS 0.00385
Exploits: 0
RedHat Linux
added last week, 4 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

CVSS 7.5, AI score 5.8, EPSS 0.00621
Exploits: 0, References: 8
Patchstack
added 2026/06/24 1:31 p.m., 6 views

WordPress Image Sizes on Demand plugin <= 1.3 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Image Sizes on Demand versions <= 1.3...

CVSS 6.1, AI score 5.8, EPSS 0.00168
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2026/06/24 7:16 a.m., 9 views

CVE-2026-8688

The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVSS 4.3, EPSS 0.00227
Exploits: 0, References: 7
Positive Technologies
added 2026/06/24 12:0 a.m., 12 views

PT-2026-51682

Name of the Vulnerable Software and Affected Versions: Image Sizes on Demand versions prior to 1.4. Description: Insufficient input sanitization and output escaping in the PHP_SELF server variable allow unauthenticated attackers to inject arbitrary web scripts. These scripts execute if a user is...

CVSS 6.1, AI score 6.1, EPSS 0.00168
Exploits: 0, References: 7
RedHat Linux
added 2026/06/22 8:40 p.m., 3 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

CVSS 7.5, AI score 7.1, EPSS 0.00621
Exploits: 0, References: 8
AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in libcommons-compress-java

There is a vulnerability related to “Unreachable Exit Condition” (“Infinite Loop”) in Apache Commons Compress. This issue affects Apache Commons Compress versions from 1.3 to 1.25.0. Users are recommended to upgrade to version 1.26.0, which fixes this issue...

CVSS 8.1, AI score 6.6, EPSS 0.00441
Exploits: 0, References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 9 views

Astra Linux – Vulnerability in Apache2

In some mod_ssl configurations on the Apache HTTP Server 2.4.35 to 2.4.63, it is possible for trusted clients to bypass access controls using TLS 1.3 session resumption. These configurations are affected when mod_ssl is configured for multiple virtual hosts, with each virtual host restricted to a...

CVSS 9.1, AI score 7.5, EPSS 0.0097
Exploits: 1, References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in json-smart

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4, which causes a denial of service (DoS) through a crafted web request...

CVSS 7.5, AI score 6.5, EPSS 0.023
Exploits: 1, References: 1
EUVD
added 2026/06/17 6:35 p.m., 8 views

EUVD-2026-37656

Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...

CVSS 7.5, AI score 5.2, EPSS 0.00467
Exploits: 0, References: 2
EUVD
added 2026/06/17 6:35 p.m., 7 views

EUVD-2025-210235

Unauthenticated Local File Inclusion in Resurs = 1.3 versions...

CVSS 8.1, AI score 5.1, EPSS 0.00435
Exploits: 0, References: 2
NVD
added 2026/06/17 1:20 p.m., 9 views

CVE-2026-40755

Unauthenticated PHP Object Injection in TechLink = 1.3 versions...

CVSS 8.1, EPSS 0.0025
Exploits: 0, References: 1
NVD
added 2026/06/17 1:20 p.m., 8 views

CVE-2026-22334

Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...

CVSS 7.5, EPSS 0.00467
Exploits: 0, References: 1
NVD
added 2026/06/17 1:19 p.m., 11 views

CVE-2025-69167

Unauthenticated Local File Inclusion in Eros = 1.3 versions...

CVSS 8.1, EPSS 0.00435
Exploits: 0, References: 1