1071 matches found

OSV
added 2026/03/13 7:54 p.m. | 4 views

ALPINE-CVE-2026-2673

Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...

6.5 CVSS | 5.8 AI score | 0.00435 EPSS
Exploits: 0 | References: 1

UbuntuCve
added 2026/03/13 7:54 p.m. | 8 views

CVE-2026-2673

Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...

6.5 CVSS | 5.9 AI score | 0.00435 EPSS
Exploits: 0 | References: 4

Snyk
added 2026/03/13 4:45 p.m. | 5 views

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Overview Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' in the TLS 1.3 server key agreement group selection when the server configuration includes the 'DEFAULT' keyword. An attacker can influence the negotiation to u...

6.5 CVSS | 5.9 AI score | 0.00435 EPSS
Exploits: 0 | References: 2

CVE
added 2026/03/13 1:23 p.m. | 92 views

CVE-2026-2673

OpenSSL CVE-2026-2673 affects OpenSSL 3.5 and 3.6 series. The issue arises when an OpenSSL TLS 1.3 server uses the DEFAULT keyword to interpolate a built-in/default group list into its own configuration, causing the group tuples to lose their structure. As a result, the server may treat all suppo...

6.5 CVSS | 5.8 AI score | 0.00435 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/03/13 1:23 p.m. | 2 views

CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group

Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...

5.8 AI score | 0.00435 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/13 1:23 p.m. | 6 views

CVE-2026-2673

Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...

5.8 AI score | 0.00435 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

AlpineLinux
added 2026/03/13 1:23 p.m. | 4 views

CVE-2026-2673

Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...

6.5 CVSS | 5.9 AI score | 0.00435 EPSS
Exploits: 0

CNNVD
added 2026/03/13 12:0 a.m. | 8 views

OpenSSL Security Vulnerability

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

6.5 CVSS | 7.2 AI score | 0.00435 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2026/03/13 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-2673

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the...

6.5 CVSS | 7.3 AI score | 0.00435 EPSS
Exploits: 0 | References: 3

Packet Storm News
added 2026/03/13 12:0 a.m. | 1 views

OpenSSL Security Advisory 20260313

OpenSSL Security Advisory 20260313 - An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the "DEFAULT" keyword...

5.8 AI score | 0.00435 EPSS
Exploits: 0

Tenable Nessus
added 2026/03/13 12:0 a.m. | 4 views

FreeBSD : OpenSSL -- key agreement vulnerability (ee1e6a24-1eeb-11f1-81da-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ee1e6a24-1eeb-11f1-81da-8447094a420f advisory. The OpenSSL project reports: TLS 1.3 server may choose unexpected key agreement group Low An OpenSSL TL...

6.5 CVSS | 5.9 AI score | 0.00435 EPSS
Exploits: 0 | References: 3

FreeBSD
added 2026/03/13 12:0 a.m. | 7 views

OpenSSL -- key agreement vulnerability

The OpenSSL project reports: TLS 1.3 server may choose unexpected key agreement group Low An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the "DEFAULT" keyword...

6.5 CVSS | 5.8 AI score | 0.00435 EPSS
Exploits: 0 | References: 1

AlpineLinux
added 2026/03/11 10:9 a.m. | 4 views

CVE-2026-3783

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...

5.3 CVSS | 5.8 AI score | 0.00333 EPSS
Exploits: 1 | References: 4

curl security advisories
added 2026/03/11 8:0 a.m. | 15 views

token leak with redirect and netrc

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...

5.3 CVSS | 7.6 AI score | 0.00333 EPSS
Exploits: 1 | References: 1 | Affected Software: 2

Positive Technologies
added 2026/03/11 12:0 a.m. | 4 views

PT-2026-24843

Name of the Vulnerable Software and Affected Versions xierongwkhd weimai-wetapp versions prior to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2 Description A security issue exists in xierongwkhd weimai-wetapp. The getAdmins function within the file source-code/src/main/java/com/moke/wp/wx...

5.8 CVSS | 5.8 AI score | 0.00202 EPSS
Exploits: 0 | References: 10

CNNVD
added 2026/03/11 12:0 a.m. | 6 views

weimai-wetapp SQL Injection Vulnerability

Weimai-Wetapp is a movie ticket purchasing mini-program and backend management system developed by MO-KE individuals. Weimai-Wetapp has a SQL injection vulnerability, which stems from incorrect handling of the keyword parameter in the getAdmins function of the...

5.8 CVSS | 5.9 AI score | 0.00202 EPSS
Exploits: 0 | References: 5

Positive Technologies
added 2026/03/11 12:0 a.m. | 6 views

PT-2026-24663

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under certain circumstances...

6.5 CVSS | 6.8 AI score | 0.00333 EPSS
Exploits: 2 | References: 82

Snyk
added 2026/03/10 12:57 a.m. | 2 views

Improper Check for Unusual or Exceptional Conditions

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions via the Utils class. An attacker can bypass configured keyword...

6.9 CVSS | 5.8 AI score | 0.00393 EPSS
Exploits: 0 | References: 3

EUVD
added 2026/03/10 12:57 a.m. | 6 views

EUVD-2026-10547

Parse Server has denylist requestKeywordDenylist keyword scan bypass through nested object placement...

6.9 CVSS | 5.8 AI score | 0.00393 EPSS
Exploits: 0 | References: 3

CNNVD
added 2026/03/10 12:0 a.m. | 6 views

Parse Server Security Vulnerability

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.12 and 9.5.1-alpha.1. These vulnerabilities stemmed from logical flaws in the...

6.9 CVSS | 5.8 AI score | 0.00393 EPSS
Exploits: 0 | References: 3