42247 matches found
Batch Me If You Can: Coverage-Guided RPKI Fuzzing at Scale
The Resource Public Key Infrastructure RPKI has become essential to secure inter-domain routing. Despite its critical role, RPKI software remains largely untested beyond shallow parsing. Existing fuzzers, like AFL++ or libFuzzer, do not work well for RPKI as they assume a single, self-contained...
📄 ZTE ZXHN H298A / H108N Credential Disclosure
A single unauthenticated HTTP GET to /getpage.lua?pid=1000ÐCheat=1 on ZTE H298A or H108N routers returns the live administrator password OBJUSERINFOIDPassword1, WLAN PSK WLANPSKKeyPassphrase1, and SSID in plaintext HTML. A second endpoint exposes the device serial number. -----BEGIN SECURITY...
GnuTLS 安全漏洞
GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. GnuTLS libgnutls has a security vulnerability that stems from the transmission of extremely short pre-master keys during RSA key exchanges. This...
PT-2026-43236
The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used 4500/UDP. As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service temporary interruption of VPN...
epa4all-client 数据伪造问题漏洞
epa4all-client is an open-source document writing client tool developed by Oviva AG. Versions of epa4all-client prior to version 1.2.2 contained a data manipulation vulnerability. This vulnerability arises from the possibility for a man-in-the-middle attacker to replace the discovered documents...
Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2026-1757)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1757 advisory. GnuTLS didn't check that DTLS fragments claimed a consistent messagelength value. Additionally, a crucial array size check was missing, enabling an attacker to cause a heap overwrite...
GnuTLS 安全漏洞
GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. GnuTLS has a security vulnerability, which stems from a single-bit error in the bounds checking of PKCS12 package elements. This vulnerability could...
PT-2026-43441
Name of the Vulnerable Software and Affected Versions netty incubator codec.bhttp versions prior to 0.0.21.Final Description The HKDF expand function returns a non-NULL byte array filled with zeros upon failure, making it impossible to distinguish between a successful operation and a failure. Thi...
TencentOS Server 3: git-lfs (TSSA-2026:0380)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0380 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
PT-2026-47002
A flaw was found in gnutls. A use after free issue in client sending key share extension may lead to memory corruption and other consequences...
PT-2026-43378
code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...
Linux Distros Unpatched Vulnerability : CVE-2026-48850
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PuTTY 0.72 before 0.84 has a double free in RSA KEX. CVE-2026-48850 Note that Nessus relies on the presence of the package as reported by the vendor...
PT-2026-43319
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The getInstance function within the InputFilter class fails to include a security-sensitive parameter when generating the instance cache key. Recommendations At...
TencentOS Server 3: grafana (TSSA-2026:0374)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0374 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
PT-2026-43235
The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service temporary disruption of VPN-related functionality...
CVE-2026-27172
A flaw was found in the camel-consul component of Apache Camel. An attacker with write access to the Consul Key-Value KV store could inject a malicious serialized Java object. When Apache Camel's ConsulRegistry deserializes this object, it can lead to arbitrary code execution within the Camel...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect in handling shiroSavedRequest cookies, which use unprotected/unencrypted values for SAVEDREQUESTKEY. An authenticated user can cause the server to make blind HTTP GET requests to arbitrary URLs or redirect users to untrust...
CVE-2026-48850
PuTTY 0.72 before 0.84 has a double free in RSA KEX...
DEBIAN-CVE-2026-48850
PuTTY 0.72 before 0.84 has a double free in RSA KEX...
UBUNTU-CVE-2026-48850
PuTTY 0.72 before 0.84 has a double free in RSA KEX...