Lucene search
K

1819 matches found

OSV
OSV
added 2026/06/01 7:45 a.m.5 views

SUSE-SU-2026:2197-1 Security update for strongswan

This update for strongswan fixes the following issues: - CVE-2026-35328: infinite loop when handling supported versions TLS extension bsc1261712. - CVE-2026-35329: null pointer dereference when processing padding in PKCS7 bsc1261717. - CVE-2026-35330: integer underflow when handling EAP-SIM/AKA...

5.8AI score
Exploits6References13
Exploit DB
Exploit DB
added 2026/05/29 12:0 a.m.72 views

strongSwan 5.9.13 - DoS

Exploit Title: strongSwan 5.9.13 - DoS Date: 2026-05-13 Exploit Author: Lukas Johannes Moeller Vendor Homepage: https://www.strongswan.org/ Software Link: https://download.strongswan.org/strongswan-5.9.13.tar.bz2 Version: strongSwan next never advances and the per-attribute length computation...

5.8AI score
Exploits3
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.70 views

📄 strongSwan 5.9.13 Denial of Service

strongSwan version 5.9.13 suffers from a denial of service vulnerability. Exploit Title: strongSwan 5.9.13 - DoS Date: 2026-05-13 Exploit Author: Lukas Johannes Moeller Vendor Homepage: https://www.strongswan.org/ Software Link: https://download.strongswan.org/strongswan-5.9.13.tar.bz2 Version:...

5.8AI score
Exploits3
Packet Storm News
Packet Storm News
added 2026/05/28 12:0 a.m.12 views

Strengthening Polymorphic Prompt Assembling: Dynamic Separator Generation against Emerging Prompt Injection Attacks

Polymorphic Prompt Assembling PPA defends LLM agents against prompt injections by randomly selecting separator pairs from a fixed pool to isolate user input from system instructions. Although effective, static pool reuse exposes a blast-radius vulnerability: once a separator leaks, it can be...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/22 2:59 p.m.8 views

CLSA-2026-1779461988 krb5: Fix of 3 CVEs

CVE-2024-3596: generate and verify Message-Authenticator MACs in libkrad to mitigate the BlastRADIUS attack on the RADIUS protocol; includes follow-up fix for uninitialized pointer dereference in kradpacketdecoderequest - CVE-2024-37370: prevent modification of Extra Count field in GSS krb5 wrap...

9.1CVSS6AI score0.14859EPSS
Exploits2References1
vulnersOsv
vulnersOsv
added 2026/05/19 9:31 a.m.8 views

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +174 more potentially affected by CVE-2026-8830 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.6.2)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...

4.3CVSS5.4AI score0.00392EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.14 views

openSUSE 16 Security Update : strongswan (openSUSE-SU-2026:20678-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20678-1 advisory. Update to version 6.0.6 jscPED-16145. Security issued fixed: - CVE-2026-35328: infinite loop when handling supported versions TLS extension...

6AI score
Exploits6References21
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.10 views

SUSE SLES12 Security Update : strongswan (SUSE-SU-2026:1762-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1762-1 advisory. - CVE-2026-35329: NULL pointer dereference when processing padding in PKCS7 bsc1261717. - CVE-2026-35330: integer underflow when handling...

5.8AI score
Exploits6References19
Packet Storm News
Packet Storm News
added 2026/05/09 12:0 a.m.8 views

AI Native Asset Intelligence

Modern security environments generate fragmented signals across cloud resources, identities, configurations, and third-party security tools. Although AI-native security assistants improve access to this data, they remain largely reactive: users must ask the right questions and interpret...

5.8AI score
Exploits0
SUSE Linux
SUSE Linux
added 2026/05/08 8:58 a.m.8 views

Security update for strongswan

This update for strongswan fixes the following issues: CVE-2026-35329: NULL pointer dereference when processing padding in PKCS7 bsc1261717. CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes bsc1261705. CVE-2026-35331: acceptance of certificates violating X.509 name constrain...

9.2CVSS5.8AI score
Exploits6References24
OSV
OSV
added 2026/05/08 8:58 a.m.6 views

SUSE-SU-2026:1762-1 Security update for strongswan

This update for strongswan fixes the following issues: - CVE-2026-35329: NULL pointer dereference when processing padding in PKCS7 bsc1261717. - CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes bsc1261705. - CVE-2026-35331: acceptance of certificates violating X.509 name...

5.8AI score
Exploits6References13
EUVD
EUVD
added 2026/05/06 6:30 p.m.12 views

EUVD-2026-27862

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 5:16 p.m.8 views

CVE-2026-20193

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...

4.3CVSS0.00221EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 4:15 p.m.8 views

CVE-2026-20193

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/06 4:15 p.m.24 views

CVE-2026-20193

Cisco Identity Services Engine (ISE) is affected by CVE-2026-20193 due to improper RBAC on the RADIUS Policy API endpoints. An authenticated, remote attacker with read-only Administrator privileges could bypass the web UI and call an affected endpoint to gain unauthorized read access to sensitive...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/06 4:15 p.m.36 views

CVE-2026-20193 Cisco Identity Services Engine Authentication Bypass Vulnerability

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...

4.3CVSS0.00221EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/06 4:15 p.m.7 views

CVE-2026-20193 Cisco Identity Services Engine Authentication Bypass Vulnerability

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.15 views

PT-2026-37657

Name of the Vulnerable Software and Affected Versions Cisco ISE affected versions not specified Description Improper role-based access control RBAC permissions on the RADIUS Policy API endpoints allow an authenticated remote attacker with read-only Administrator privileges to gain unauthorized re...

4.3CVSS5.9AI score0.00221EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.10 views

Cisco ISE 安全漏洞

Cisco ISE is a NAC solution developed by the American company Cisco. It is used to manage access to network resources for endpoints, users, and devices in a zero-trust architecture. Cisco ISE has a security vulnerability that stems from improper role-based access control permissions on the RADIUS...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.15 views

Cisco Identity Services Engine Multiple Vulnerabilities (cisco-sa-ise-unauth-bypass-uxjRXGpb)

According to its self-reported version, Cisco ISE is affected by multiple vulnerabilities. - A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists becaus...

5.3CVSS5.8AI score0.00275EPSS
Exploits0References5
Rows per page
Query Builder