Lucene search
K

60 matches found

RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.4 views

netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation

A flaw was found in Netty's DnsResolveContext. This vulnerability allows a remote attacker to achieve information disclosure or data manipulation by crafting malicious DNS responses. The flaw occurs because the DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS...

10CVSS5.9AI score0.00224EPSS
Exploits0References7
NVD
NVD
added 2026/06/25 3:16 p.m.8 views

CVE-2026-13223

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS0.00257EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/16 1:59 p.m.8 views

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS6.6AI score0.00498EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.9 views

FreeBSD : FreeBSD -- Insufficient response validation in the ldns stub resolver (fc0c7763-6477-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fc0c7763-6477-11f1-958d-bc241121aa0a advisory. When used as a stub resolver over UDP, ldns failed to verify that a received response belonged to the...

8.2CVSS5.6AI score0.00147EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 1:26 p.m.14 views

tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation

A flaw was found in Apache Tomcat. When an Online Certificate Status Protocol OCSP responder is used, the Tomcat Native component, and Tomcat's FFM port of the Tomcat Native code, does not properly verify or check the freshness of the OCSP response. This improper input validation vulnerability...

7.5CVSS6.6AI score0.00498EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/13 8:28 a.m.22 views

CVE-2026-7009

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it fails to detect OCSP problems and instead wrongly consider the response as fine...

5.8AI score0.00267EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/05/01 3:16 p.m.6 views

CVE-2026-43047

In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Check to ensure report responses match the request It is possible for a malicious or clumsy device to respond to a specific report's feature request using a completely different report ID. This can cause confusio...

7.8CVSS0.0012EPSS
Exploits0References8
OSV
OSV
added 2026/04/07 1:16 p.m.3 views

DEBIAN-CVE-2026-32144

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in publickey:pkixocspvalidate/5 does not verify that a CA-designated responder certificate...

7.4CVSS5.5AI score0.002EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/03/25 4:52 p.m.17 views

tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation

A flaw was found in Apache Tomcat. When an Online Certificate Status Protocol OCSP responder is used, the Tomcat Native component, and Tomcat's FFM port of the Tomcat Native code, does not properly verify or check the freshness of the OCSP response. This improper input validation vulnerability...

7.5CVSS5.7AI score0.00498EPSS
Exploits0References5
CNVD
CNVD
added 2026/02/13 12:0 a.m.2 views

Apache Druid Authentication Bypass Vulnerability

Apache Druid is the United States Apache Apache Foundation of a use of the Java language , written in column-oriented open source distributed database . Apache Druid has a security vulnerability that originates from improper validation of LDAP authentication responses, which could lead to...

9.8CVSS5.8AI score0.01034EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.8 views

PT-2026-2838

The PayHere Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to an improper validation logic in the check payhere response function in all versions up to, and including, 2.3.9. This makes it possible for unauthenticated attackers t...

5.3CVSS6AI score0.00225EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 8:35 a.m.12 views

CVE-2020-10885

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. The issue results...

9.8CVSS7.1AI score0.07219EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.9 views

PT-2025-47320

Name of the Vulnerable Software and Affected Versions WhatsApp for iOS versions prior to 2.25.23.73 WhatsApp Business for iOS versions prior to 2.25.23.82 WhatsApp for Mac versions prior to 2.25.23.83 Description A flaw exists in the validation of rich response messages. This could allow a user t...

5.4CVSS6.5AI score0.00152EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.5 views

Facebook WhatsApp 安全漏洞

Facebook WhatsApp is a suite of mobile applications from Facebook Inc. in the United States that are based on the Android platform and utilize the network to deliver text messages. The application uses contact information in a smartphone to find contacts using the software to send texts, images,...

5.4CVSS6.4AI score0.00152EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-5629

Malware in sbrugna...

6.5CVSS7.8AI score0.01214EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-12672

Malware in sbrugna...

7.5CVSS6.1AI score0.04347EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-0457

Malware in sbrugna...

8.8CVSS8.6AI score0.01199EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-17068

Malware in sbrugna...

8.2CVSS8.1AI score0.02404EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-31913

Malicious code in bioql PyPI...

8.3CVSS6.6AI score0.00436EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2022-4142

Malicious code in bioql PyPI...

5.3CVSS5.8AI score0.11167EPSS
Exploits0References19
Rows per page
Query Builder