
360 matches found

CNNVD
added 2026/04/07 12:0 a.m., 5 views

SoftEther VPN Security Vulnerability

SoftEther VPN is a free, open-source, cross-platform, and multi-protocol VPN software developed by SoftEther. It provides secure, flexible, and efficient network connections, allowing users to bypass geographical restrictions. SoftEther VPN versions 5.2.5188 and earlier contain security...

CVSS 7.5, AI score 5.8, EPSS 0.0045
Exploits 1, References 1
EUVD
added 2026/03/25 6:31 p.m., 4 views

EUVD-2026-15426

A vulnerability in the TLS library of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust the available memory of an affected device. This vulnerability is due to improper management of memory resources during TLS connection setup. An attacker could exploit this...

CVSS 7.4, AI score 5.8, EPSS 0.00179
Exploits 0, References 2
CVE
added 2026/03/25 4:4 p.m., 74 views

CVE-2026-20004

Cisco IOS XE TLS library vulnerability (CVE-2026-2004) could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, causing a reload and DoS. Root cause: improper memory management during TLS setup. Exploitation involves repeated TLS-triggering actions such as EAP at...

CVSS 7.4, AI score 5.8, EPSS 0.00179
Exploits 0, References 1
Cisco
added 2026/03/25 4:0 p.m., 20 views

Cisco IOS XE Software TLS Memory Exhaustion Denial of Service Vulnerability

A vulnerability in the TLS library of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust the available memory of an affected device. This vulnerability is due to improper management of memory resources during TLS connection setup. An attacker could exploit this...

CVSS 7.4, AI score 5.8, EPSS 0.00179
Exploits 0, References 1
Positive Technologies
added 2026/03/25 12:0 a.m., 9 views

PT-2026-27787

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: A flaw exists in the TLS library of Cisco IOS XE Software that may allow a nearby, unauthenticated attacker to deplete the memory of a vulnerable device. This is caused by...

CVSS 7.4, AI score 5.9, EPSS 0.00179
Exploits 0, References 3
Tenable Nessus
added 2026/03/25 12:0 a.m., 4 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : strongSwan vulnerability (USN-8117-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8117-1 advisory. Kazuma Matsumoto discovered that strongSwan incorrectly handled EAP-TTLS AVPs when using the eap-ttls plugin. An attacker could possibly use...

CVSS 8.7, AI score 5.9, EPSS 0.01013
Exploits 2, References 2
Cvelist
added 2026/03/24 2:13 p.m., 25 views

CVE-2026-27651 NGINX ngx_mail_auth_http_module vulnerability

When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait...

CVSS 8.7, EPSS 0.00921
Exploits 0, References 1
Ubuntu
added 2026/03/23 2:30 p.m., 5 views

USN-8117-1: strongSwan vulnerability

Kazuma Matsumoto discovered that strongSwan incorrectly handled EAP-TTLS AVPs when using the eap-ttls plugin. An attacker could possibly use this issue to cause strongSwan to consume resources and crash, resulting in a denial of service...

CVSS 8.7, AI score 5.8, EPSS 0.01013
Exploits 2
OSV
added 2026/03/23 2:30 p.m., 7 views

USN-8117-1 strongswan vulnerability

Kazuma Matsumoto discovered that strongSwan incorrectly handled EAP-TTLS AVPs when using the eap-ttls plugin. An attacker could possibly use this issue to cause strongSwan to consume resources and crash, resulting in a denial of service...

CVSS 8.7, AI score 5.8, EPSS 0.01013
Exploits 2, References 2
UbuntuCve
added 2026/03/23 1:0 p.m., 4 views

CVE-2026-25075

strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the...

CVSS 8.7, AI score 5.9, EPSS 0.01013
Exploits 2, References 2
CNNVD
added 2026/03/23 12:0 a.m., 9 views

strongSwan Code Issue Vulnerability

strongSwan is an open-source VPN solution based on IPsec, developed by Andreas Steffen of Switzerland for Linux platforms. This solution includes X.509 public key certificates, secure storage of private keys, and authentication mechanisms such as smart cards. Prior to version 6.0.5 of strongSwan,...

CVSS 8.7, AI score 6.1, EPSS 0.01013
Exploits 2, References 3
CVE
added 2026/03/10 8:46 p.m., 9 views

CVE-2026-30967

Parse Server is affected when using the generic OAuth2 authentication adapter (oauth2: true) without setting useridField. Prior to 9.5.2-alpha.9 and 8.6.22, the adapter only verified token activity via the provider’s introspection endpoint and did not confirm that the token belongs to the user id...

CVSS 8.8, AI score 5.8, EPSS 0.00333
Exploits 0, References 3, Affected Software 1
Positive Technologies
added 2026/03/09 12:0 a.m., 7 views

PT-2026-24137

Name of the Vulnerable Software and Affected Versions: Pocket ID versions prior to 2.4.0. Description: Pocket ID is an OIDC provider susceptible to cross-client code exchange and expired code reuse. The OIDC token endpoint incorrectly validates authorization codes, only rejecting them when both the...

CVSS 9.9, AI score 5.8, EPSS 0.22162
Exploits 68, References 137
OSV
added 2026/02/20 9:46 a.m., 8 views

CLSA-2026-1771519663 libsoup: Fix of 2 CVEs

- CVE-2026-1761: fix stack-based buffer overflow in multipart HTTP response parsing caused by incorrect length calculation in soup_filter_input_stream_read_until
- CVE-2026-0719: fix stack-based buffer overflow in NTLM authentication caused by integer overflow in md4sum with excessively long passwords...

CVSS 8.6, AI score 6.1, EPSS 0.00947
Exploits 0, References 1
Github Security Blog
added 2026/02/17 4:13 p.m., 7 views

BSV Blockchain SDK has an Authentication Signature Data Preparation Vulnerability

BRC-104 Authentication Signature Data Preparation Vulnerability. Summary: A critical cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature incompatibility between SDK implementations and potentia...

CVSS 5.4, AI score 5.8, EPSS 0.00286
Exploits 0, References 4, Affected Software 1
RedHat Linux
added 2026/02/11 10:35 a.m., 4 views

libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...

CVSS 8.6, AI score 5.9, EPSS 0.00557
Exploits 0, References 5
RedHat Linux
added 2026/02/10 8:45 a.m., 5 views

libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...

CVSS 8.6, AI score 5.9, EPSS 0.00557
Exploits 0, References 5
NVD
added 2026/02/04 6:16 p.m., 8 views

CVE-2026-25532

ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS (Wi-Fi Protected Setup) Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during...

CVSS 8, EPSS 0.00213
Exploits 0, References 8
OSV
added 2026/02/04 5:58 p.m., 5 views

CVE-2026-25532 ESP-IDF is Vulnerable to WPS Enrollee Fragment Integer Underflow

ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS (Wi-Fi Protected Setup) Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during...

CVSS 6.3, AI score 5.6, EPSS 0.00213
Exploits 0, References 10
CNNVD
added 2026/02/04 12:0 a.m., 4 views

Espressif ESP-IDF Numeric Error Vulnerability

Espressif ESP-IDF is an IoT development framework developed by Espressif, a Chinese company. Versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6 of Espressif ESP-IDF contain numerical error vulnerabilities. These vulnerabilities stem from integer underflow during the processing of EAP-WSC packets in th...

CVSS 8, AI score 5.8, EPSS 0.00213
Exploits 0, References 9