6158 matches found
CVE-2026-42486
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...
CVE-2026-23562
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...
CVE-2026-23559
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...
netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payloads
A flaw was found in netty-codec-redis. A remote attacker can exploit this vulnerability by sending specially crafted Redis payloads across multiple connections without proper termination. This can exhaust the server's direct memory pool, leading to a Denial of Service DoS condition where legitima...
EUVD-2026-42608
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...
CVE-2026-42486 Multiple RBAC issues in XAPI
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...
EUVD-2026-42607
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...
CVE-2026-23562 Multiple RBAC issues in XAPI
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...
EUVD-2026-42603
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...
EUVD-2026-42602
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...
undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing
A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from...
CVE-2026-14647
ONNX Runtime (onnxruntime) up to 1.21.x is affected by CVE-2026-14647 due to a weakness in convPoolShapeInference_opset19 in ONNX’s old.cc (onnx/defs/nn). The root cause is an out-of-bounds read introduced in this path, enabling remote exploitation. Public exploits exist per the description. Reme...
PT-2026-55726
Name of the Vulnerable Software and Affected Versions onnx versions prior to 1.22.0 Description A weakness in the onnxruntime component allows for a remote out-of-bounds read. This occurs within the convPoolShapeInference opset19 function located in the onnx/defs/nn/old.cc file. Recommendations...
Authentication Bypass by Primary Weakness
Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in the connection pool process. An attacker can bypass intended certificate validation by reusing a handle that initially used the default native CA trust and then switching it to custom CA...
CVE-2026-11564
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...
CVE-2026-8932
CVE-2026-8932 : The vulnerability describes incomplete mTLS config matching in libcurl’s connection reuse logic. A previously used TLS client-certificate-related setting (notably the private key) was omitted from the configuration match checks, causing connections in the pool to be reused even wh...
EUVD-2026-41509
libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...
CVE-2026-8458
CVE-2026-8458 affects libcurl where, under Negotiate-authenticated requests, a logical error can cause a reused connection to be authenticated for a different service. This could allow a request to be served using credentials for another service, impacting integrity (high) and potentially exposin...
CVE-2026-8458 wrong reuse for different services
libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...
EUVD-2026-41499
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...