Lucene search
K

489 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2 hours ago5 views

Security Bulletin: Multiple vulnerabilities affect IBM Cloud Pak System

Summary Multiple vulnerabilities affect IBM Cloud Pak System. These vulnerabilties have been addressed with IBM Cloud Pak System 2.3.5.1. Vulnerability Details CVEID:CVE-2025-9230 DESCRIPTION: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption c...

8.3CVSS7.5AI score0.01744EPSS
Exploits1Affected Software1
Nuclei
Nuclei
added 2026/07/02 9:36 a.m.280 views

ACME mini_httpd <1.30 - Local File Inclusion

ACME minihttpd before 1.30 is vulnerable to local file inclusion. id: CVE-2018-18778 info: name: ACME minihttpd 1.30 - Local File Inclusion author: DhiyaneshDK,dogasantos severity: medium description: ACME minihttpd before 1.30 is vulnerable to local file inclusion. impact: | Successful...

6.5CVSS6.7AI score0.74036EPSS
Exploits0References5
OSV
OSV
added 2026/07/01 12:3 p.m.3 views

RLSA-2026:30844 Moderate: mod_md security update

This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal. Security Fixes: httpd:...

7.5CVSS7.1AI score0.00628EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/29 6:28 p.m.6 views

Moderate: Red Hat Security Advisory: mod_md security update

An update for modmd is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.3CVSS7AI score0.00628EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-384 Lemur: ACME SSRF + creator-equality IDOR lead to AWS IAM/PKI compromise

Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via ACME acmeurl SSRF and creator-equality IDOR Vulnerability Summary Field | Value -- | -- Title | Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via...

9.9CVSS6AI score
Exploits0References6
OSV
OSV
added 2026/06/29 12:0 a.m.4 views

ALSA-2026:30845 Moderate: mod_md security update

This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal. Security Fixes: httpd:...

7.3CVSS7.1AI score0.00628EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5262 HashiCorp Vault has Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS in github.com/hashicorp/vault

HashiCorp Vault has Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS in github.com/hashicorp/vault...

8.6CVSS5.8AI score0.00332EPSS
Exploits0References3
OSV
OSV
added 2026/06/19 10:45 p.m.10 views

MAL-2026-6231 Malicious code in improvado-layout-panel-metrics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61cc6b0b5d5efe4675f4159e8bc8f6380970614c1dc36b553207fa73fa66104e The package's top-level fluentpanelmetrics/init.py defines bootstrapruntimeprofile and unconditionally invokes it at import. The function opens a TCP...

6AI score
Exploits0References3
OSV
OSV
added 2026/06/19 12:53 a.m.8 views

MAL-2026-6182 Malicious code in fluent-panel-metrics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95598f66d3e0a4ecbfe9dcd01c1d5f0be9b78bee23b200758a92dac8f8a00d9e fluentpanelmetrics/init.py defines bootstrapruntimeprofile and invokes it unconditionally at module load. The function opens a TCP socket to the...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 12:53 a.m.7 views

Malicious code in fluent-panel-metrics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95598f66d3e0a4ecbfe9dcd01c1d5f0be9b78bee23b200758a92dac8f8a00d9e fluentpanelmetrics/init.py defines bootstrapruntimeprofile and invokes it unconditionally at module load. The function opens a TCP socket to the...

5.8AI score
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.10 views

EUVD-2026-37201

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...

9.8CVSS8.1AI score0.00934EPSS
Exploits0References6
NVD
NVD
added 2026/06/16 8:16 p.m.9 views

CVE-2026-10303

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...

7.4CVSS0.00757EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/16 6:24 p.m.21 views

CVE-2026-10303 ServerCo getssl ACME shell script path injection

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...

7.4CVSS0.00757EPSS
Exploits0References5
CVE
CVE
added 2026/06/16 6:24 p.m.16 views

CVE-2026-10303

CVE-2026-10303 affects ServerCo getssl up to version 2.49. The ACME challenge token returned to clients was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attac...

7.4CVSS5.5AI score0.00757EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.9 views

PT-2026-49822

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...

7.4CVSS5.4AI score0.00757EPSS
Exploits0References8
Fedora
Fedora
added 2026/05/19 1:33 a.m.14 views

[SECURITY] Fedora 43 Update: mod_md-2.6.11-2.fc43

This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal...

7.3CVSS5.8AI score0.00628EPSS
Exploits0
Veracode
Veracode
added 2026/05/16 5:32 a.m.6 views

Arbitrary File Write And Deletion

github.com/go-acme/lego is vulnerable to arbitrary file write and deletion. The vulnerability is due to improper validation of the HTTP-01 challenge token in the webroot challenge provider, which allows a malicious ACME server to supply crafted ../ path traversal sequences and write or delete fil...

8.8CVSS6.1AI score0.0034EPSS
Exploits0References7Affected Software3
RedhatCVE
RedhatCVE
added 2026/04/24 2:48 p.m.6 views

CVE-2026-40611

A flaw was found in lego, the Let's Encrypt client and ACME library written in Go. A malicious ACME Automated Certificate Management Environment server can exploit a path traversal vulnerability in the webroot HTTP-01 challenge provider. By supplying a specially crafted challenge token containing...

8.8CVSS5.6AI score0.0034EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/23 1:23 a.m.6 views

SUSE CVE-2026-40611

Let's Encrypt client and ACME library written in Go Lego. Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to...

8.8CVSS5.9AI score0.0034EPSS
Exploits0References3
NVD
NVD
added 2026/04/21 6:16 p.m.5 views

CVE-2026-40611

Let's Encrypt client and ACME library written in Go Lego. Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to...

8.8CVSS0.0034EPSS
Exploits0References5
Rows per page
Query Builder