CVE-2026-34872

An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values lack of contributor...

curl: Bypassing Strict SSH Server Verification via Connection Pool Reuse in libcurl

Summary There is a logic flaw in how libcurl manages its connection pool for SSH protocols SFTP/SCP. When evaluating an existing connection for reuse, sshconfigmatches in lib/url.c fails to compare server identity verification policies. By ignoring CURLOPTSSHKNOWNHOSTS, CURLOPTSSHHOSTPUBLICKEYMD5...

AlmaLinux 8 : nginx:1.24 (ALSA-2026:5581)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:5581 advisory. nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 Tenable has extracted the preceding description block directly...

n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no

Impact When the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server could intercept the connection and present a fraudulent host key,...

nginx:1.24 security update

1.24.0-2.0.1 - Remove Red Hat references Orabug: 29498217 1:1.24.0-2 - Resolves: RHEL-146517 - nginx:1.24/nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 1:1.24.0-1 - Resolves: RHEL-14714 - add nginx:1.24 to RHEL 8.10 1:1.22.1-2 - Resolves:...

EulerOS Virtualization 2.12.1 : curl (EulerOS-SA-2026-1421)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl,changing TLS options in one thread would inadvertently change th...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1574)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.12.0 : curl (EulerOS-SA-2026-1478)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl,changing TLS options in one thread would inadvertently change th...

EUVD-2026-10497

Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and extract Node.js if it...

CVE-2026-2741

Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 15.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and extract Node.js if it...

CVE-2026-2741

CVE-2026-2741 affects Vaadin’s build process which automatically downloads and extracts Node.js when not installed locally. A path traversal flaw in specially crafted ZIP archives can make files be written outside the intended extraction directory during Node.js download/extraction for Vaadin ver...

MiracleLinux 9 : nginx:1.24 (AXSA:2026-260:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-260:01 advisory. nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 Tenable has extracted the preceding description block...

CVE-2026-23810

A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point AP to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key GTK associated with the victim's BSSID...

EUVD-2026-8516

The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic to perform a Man-in-the-Middle MitM attack, which may...

CVE-2026-3100

The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic to perform a Man-in-the-Middle MitM attack, which may...

Amazon Linux 2 : curl, --advisory ALAS2-2026-3173 (ALAS-2026-3173)

The version of curl installed on the remote host is prior to 8.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3173 advisory. curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host...

Medium: nginx

Issue Overview: A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side--along with conditions beyond the attacker's control--may be able to inject...

Mageia: Security Advisory (MGASA-2026-0033)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-66600

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product lacks HSTS HTTP Strict Transport Security configuration. When an attacker performs a Man in the middle MITM attack, communications with the web server could be sniffed. The affected products and...

CVE-2025-66600

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product lacks HSTS HTTP Strict Transport Security configuration. When an attacker performs a Man in the middle MITM attack, communications with the web server could be sniffed. The affected products and...