30 matches found

Tenable Nessus
added yesterday · 0 views

pyOpenSSL 0.14.x < 26.0.0 Security Bypass

The version of pyOpenSSL installed on the remote host is prior to 26.0.0. It is, therefore, affected by a security bypass vulnerability: - pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to...

6.3 CVSS · 5.9 AI score · 0.00043 EPSS
Exploits 0 · References 3
Tenable Nessus
added yesterday · 0 views

pyOpenSSL 22.0.x < 26.0.0 Buffer Overflow

The version of pyOpenSSL installed on the remote host is prior to 26.0.0. It is, therefore, affected by a buffer overflow vulnerability: - pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to...

9.8 CVSS · 5.9 AI score · 0.00027 EPSS
Exploits 0 · References 3
Cvelist
added 6 days ago · 28 views

CVE-2026-48527 HaxCMS has a stored Cross-Site Scripting (XSS) bypass in saveNode endpoint

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting XSS vulnerability in the /system/api/saveNode endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by...

8.7 CVSS · 0.00032 EPSS
Exploits 0 · References 1
Positive Technologies
added 6 days ago · 4 views

PT-2026-44828

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting XSS vulnerability in the /system/api/saveNode endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by...

8.7 CVSS · 5.6 AI score · 0.00032 EPSS
Exploits 0 · References 2
OSV
added last week · 3 views

UBUNTU-CVE-2026-49299

In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...

5.3 CVSS · 5.8 AI score · 0.00043 EPSS
Exploits 0 · References 6
NOZOMI
added 2026/04/15 12:0 a.m. · 3 views

Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0

Summary A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. Impact An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victi...

8.9 CVSS · 5.8 AI score · 0.0004 EPSS
Exploits 0 · Affected Software 2
OSV
added 2026/03/18 12:16 a.m. · 2 views

DEBIAN-CVE-2026-27448

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to set_tlsext_servername_callback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

5.3 CVSS · 5.3 AI score · 0.00043 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2026/03/18 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-27459

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to...

9.8 CVSS · 5.9 AI score · 0.00027 EPSS
Exploits 0 · References 2
OSV
added 2026/03/18 12:0 a.m. · 0 views

UBUNTU-CVE-2026-27459

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to set_cookie_generate_callback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0....

9.8 CVSS · 5.8 AI score · 0.00027 EPSS
Exploits 0 · References 4
Cvelist
added 2026/03/17 11:34 p.m. · 26 views

CVE-2026-27459 pyOpenSSL DTLS cookie callback buffer overflow

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to set_cookie_generate_callback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0....

9.2 CVSS · 0.00027 EPSS
Exploits 0 · References 3
Cvelist
added 2026/03/17 11:24 p.m. · 23 views

CVE-2026-27448 pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to set_tlsext_servername_callback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

6.3 CVSS · 0.00043 EPSS
Exploits 0 · References 3
AlpineLinux
added 2026/03/17 11:24 p.m. · 2 views

CVE-2026-27448

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to set_tlsext_servername_callback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

6.3 CVSS · 5.3 AI score · 0.00043 EPSS
Exploits 0
CNNVD
added 2026/03/17 12:0 a.m. · 2 views

pyOpenSSL Security Vulnerability

pyOpenSSL is an open-source Python library that encapsulates OpenSSL from the Python Cryptographic Authority project. Versions of pyOpenSSL from 0.14.0 to 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from unhandled exceptions in the settlsextservername Callback functio...

6.3 CVSS · 5.8 AI score · 0.00043 EPSS
Exploits 0 · References 5
Snyk
added 2026/03/16 4:22 p.m. · 1 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow via the set_cookie_generate_callback function. An attacker can cause a buffer overflow by providing a callback that returns a cookie value greater than 256 bytes. Note: This is only exploitable if the application explicitly...

9.8 CVSS · 6.1 AI score · 0.00027 EPSS
Exploits 0 · References 2
Snyk
added 2025/10/28 2:42 p.m. · 4 views

Session Fixation

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Session Fixation in the backchannel logout when browser cookies are missing. An attacker using the same brows...

6 CVSS · 7.1 AI score · 0.00017 EPSS
Exploits 0 · References 2
OSSF Malicious Packages
added 2025/07/11 3:52 a.m. · 1 views

Malicious code in @h1shiny/ismobile (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 41352c2bbbae70eddd76347925d3b58659e75bb8bb7773da87f544e9516ec3bd The OpenSSF Package Analysis project identified '@h1shiny/ismobile' @ 26.0.0 npm as malicious. It is considered malicious because: - The package...

6.9 AI score
Exploits 0
Tenable Nessus
added 2024/10/21 12:0 a.m. · 47 views

Adobe Illustrator < 25.4.6 / 26.0.0 < 26.3.1 Multiple Vulnerabilities (APSB22-26) (macOS)

The version of Adobe Illustrator installed on the remote macOS host is prior to 25.4.6, 26.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB22-26 advisory. - Adobe Illustrator versions 26.0.2 and earlier and 25.4.5 and earlier are affected by an out-of-bounds...

7.8 CVSS · 7.5 AI score · 0.22453 EPSS
Exploits 0 · References 18
Positive Technologies
added 2024/05/13 12:0 a.m. · 1 views

PT-2024-21079 · Syncro Soft · Oxygen Xml Web Author +1

Name of the Vulnerable Software and Affected Versions: Oxygen XML Web Author versions prior to 26.0.0 Oxygen Content Fusion versions prior to 6.1 Description: The issue allows for Cross-Site Scripting XSS attacks using malicious URLs. Recommendations: For Oxygen XML Web Author versions prior to...

6.1 CVSS · 6.3 AI score · 0.0021 EPSS
Exploits 0 · References 2
CNNVD
added 2024/04/18 12:0 a.m. · 3 views

Moby Security Vulnerability

Moby is an open source project designed to drive containerization of software and help the ecosystem mainstream container technology. A security vulnerability exists in Moby versions 26.0.0 and 26.0.1 that stems from a vulnerability that allows an attacker to enable IPv6 on an IPv4-only network...

6.5 CVSS · 4.7 AI score · 0.00113 EPSS
Exploits 0 · References 4
IBM Security Bulletins
added 2023/12/12 5:28 p.m. · 32 views

Security Bulletin: IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vulnerable to multiple vulnerabilities

Summary IBM Watson Machine Learning Accelerator on Cloud Pak for Data is affected by opennms-opennms-source-26.0.0-1 dependent packages. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2020-8116 DESCRIPTION: Node.js dot-prop could allow a...

9.8 CVSS · 9.9 AI score · 0.84982 EPSS
Exploits 32 · Affected Software 1