Lucene search
K

70 matches found

Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-51585

Name of the Vulnerable Software and Affected Versions Event-Driven Ansible affected versions not specified Description A missing authorization issue exists in the websocket API. The '/api/eda/ws/ansible-rulebook' endpoint fails to verify user permissions when processing Worker messages. This allo...

9.6CVSS6AI score0.0037EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.6 views

SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2026:2393-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2393-1 advisory. This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String...

9.1CVSS5.9AI score0.02719EPSS
Exploits0References28
Github Security Blog
Github Security Blog
added 2026/06/19 9:15 p.m.5 views

TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover

TinaCMS registers window message listeners — the useTina overlay handler, the OAuth authentication popup handler, and the admin↔preview iframe GraphQL reducer — that act on event.data without verifying event.origin or event.source, and post messages using non-specific target origins. A page the...

7.6CVSS5.8AI score0.00196EPSS
Exploits0References3Affected Software2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Thunderbird

The Matrix JavaScript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker working alongside a malicious home server could create messages that appeared to be sent by another person, without any indication such as a gray shield. Additionally, a sophisticated...

8.6CVSS7AI score0.00872EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/15 5:6 a.m.134 views

Exploit for CVE-2026-10795

CVE Lab: CVE-2026-10795 - UpdraftPlus UpdraftCentral RPC Authe...

8.1CVSS6.6AI score0.03578EPSS
Exploits3
Microsoft CVE
Microsoft CVE
added 2026/06/13 8:3 a.m.9 views

CMS AuthEnvelopedData Processing May Accept Forged Messages

...

9.1CVSS5.3AI score0.00237EPSS
Exploits0
OSV
OSV
added 2026/06/13 12:3 a.m.24 views

RLSA-2026:25239 Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing CVE-2026-73...

9.1CVSS5.8AI score0.02719EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.7 views

openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

A flaw was found in OpenSSL's Cryptographic Message Services CMS AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity...

9.1CVSS5.4AI score0.00237EPSS
Exploits0References4
OSV
OSV
added 2026/06/09 5:14 p.m.10 views

USN-8414-1 openssl vulnerabilities

Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or obtain sensitive information. CVE-2026-34180 Pavol Zacik and Alex Gaynor discovered that OpenSSL...

9.1CVSS6.1AI score0.02719EPSS
Exploits0References16
CVE
CVE
added 2026/06/09 4:3 p.m.241 views

CVE-2026-34182

CVE-2026-34182 describes a vulnerability in CMS AuthEnvelopedData processing in OpenSSL where insufficient input validation on cipher and tag length can allow forged or manipulated messages. Attack scenarios include selecting non-AEAD ciphers (e.g., AES-256-OFB) that bypasses integrity checks and...

9.1CVSS5.5AI score0.00237EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/09 12:0 a.m.5 views

UBUNTU-CVE-2026-34182

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

9.1CVSS5.4AI score0.00237EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2026/06/09 12:0 a.m.9 views

FreeBSD -- Multiple vulnerabilities in OpenSSL

Problem Description: Multiple issues have been reported as part of this advisory with different issues affecting different OpenSSL versions and therefore different FreeBSD versions. Instead of exhaustively listing detailed writeups for each issue, please see the referenced advisory from OpenSSL...

9.1CVSS6.2AI score0.02719EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

FreeScout 数据伪造问题漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.220 contained a data manipulation vulnerability. This vulnerability stemmed from the use of In-Reply-To/References headers in...

7.5CVSS5.7AI score0.00145EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.13 views

Ella Core 安全漏洞

Ella Core is an open-source solution developed by Ella Networks for use in private networks as a 5G core network solution. Versions of Ella Core prior to 1.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification of whether the...

7.1CVSS5.8AI score0.00166EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/26 7:34 p.m.11 views

CVE-2026-44214 eventsource-encoder: SSE event injection via unsanitized event and id fields

eventsource-encoder encodes events as well-formed EventSource/Server Sent Event SSE messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage before serializing them. An attacker who controls either field can inject arbitrary Server-Sent Event...

5.8CVSS5.9AI score0.00277EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

Spring Cloud AWS 数据伪造问题漏洞

Spring Cloud AWS is an open-source development framework from awspring, designed for integration with AWS cloud services within the Spring ecosystem. Versions 3.0.0 to 4.0.1 of Spring Cloud AWS contain a data manipulation vulnerability. This vulnerability stems from the lack of validation of the...

6.3CVSS5.7AI score0.00179EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/11 3:18 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the handling of PDUSessionResourceSetupResponse messages carrying AMF-UE-NGAP-ID. An attacker can redirect downlink user-plane traffic for any targeted UE to their own radio by sending a forged message with a...

7.1CVSS5.3AI score0.00166EPSS
Exploits0References3
NVD
NVD
added 2026/04/21 12:16 a.m.4 views

CVE-2026-41301

OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature validation. An unauthenticated remote attacker can send forged direct messages to create pending pairi...

6.9CVSS0.00253EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/21 12:11 a.m.7 views

Improper Verification of Cryptographic Signature

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the Nostr DM ingress path. An attacker can cause unauthorized pairing challenges to be issued and consume shared pairing capacity by...

6.9CVSS5.7AI score0.00253EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:13 a.m.10 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

9.2CVSS5.7AI score0.00392EPSS
Exploits0References3
Rows per page
Query Builder