ALPINE-CVE-2026-2673
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...
CVE-2026-2673
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Overview: Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') in the TLS 1.3 server key agreement group selection when the server configuration includes the 'DEFAULT' keyword. An attacker can influence the negotiation to u...
CVE-2026-2673
OpenSSL CVE-2026-2673 affects OpenSSL 3.5 and 3.6 series. The issue arises when an OpenSSL TLS 1.3 server uses the DEFAULT keyword to interpolate a built-in/default group list into its own configuration, causing the group tuples to lose their structure. As a result, the server may treat all suppo...
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...
CVE-2026-2673
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...
CVE-2026-2673
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...
OpenSSL Security Vulnerability
OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...
Linux Distros Unpatched Vulnerability : CVE-2026-2673
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the...
OpenSSL Security Advisory 20260313
OpenSSL Security Advisory 20260313 - An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the "DEFAULT" keyword...
FreeBSD : OpenSSL -- key agreement vulnerability (ee1e6a24-1eeb-11f1-81da-8447094a420f)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the ee1e6a24-1eeb-11f1-81da-8447094a420f advisory. The OpenSSL project reports: TLS 1.3 server may choose unexpected key agreement group (Low). An OpenSSL TL...
OpenSSL -- key agreement vulnerability
The OpenSSL project reports: TLS 1.3 server may choose unexpected key agreement group (Low). An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the "DEFAULT" keyword...
CVE-2026-3783
When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...
token leak with redirect and netrc
When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...
PT-2026-24843
Name of the Vulnerable Software and Affected Versions: xierongwkhd weimai-wetapp versions prior to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. Description: A security issue exists in xierongwkhd weimai-wetapp. The getAdmins function within the file source-code/src/main/java/com/moke/wp/wx...
weimai-wetapp SQL Injection Vulnerability
Weimai-Wetapp is a movie ticket purchasing mini-program and backend management system developed by MO-KE individuals. Weimai-Wetapp has a SQL injection vulnerability, which stems from incorrect handling of the keyword parameter in the getAdmins function of the...
PT-2026-24663
Name of the Vulnerable Software and Affected Versions: curl, affected versions not specified. Description: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under certain circumstances...
Improper Check for Unusual or Exceptional Conditions
Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions via the Utils class. An attacker can bypass configured keyword...
EUVD-2026-10547
Parse Server has a requestKeywordDenylist keyword scan bypass through nested object placement...
Parse Server Security Vulnerability
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.12 and 9.5.1-alpha.1. These vulnerabilities stemmed from logical flaws in the...