Lucene search
K

6260 matches found

EUVD
EUVD
added 2026/06/25 4:53 p.m.6 views

EUVD-2026-39493

AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...

2CVSS5.8AI score0.00114EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 4:53 p.m.20 views

CVE-2026-55967

CVE-2026-55967 covers AES-GCM streaming APIs that fail to reject extremely large cumulative single messages (>64 GiB), allowing counter wrap and keystream reuse and enabling plaintext recovery. Public documents reference the same issue across multiple OS advisories (Ubuntu, Debian, Debian-deri...

7.5CVSS5.8AI score0.00114EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 3:27 p.m.3 views

Security Bulletin: IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability. [CVE-2025-36359]

Summary IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability, which could allow an attacker to continue accessing protected resources using expired authentication tokens. Vulnerability Details CVEID:CVE-2025-36359 DESCRIPTION: IBM DevOps Loop does not invalidate...

8.1CVSS5.9AI score0.00189EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/25 3:16 p.m.8 views

CVE-2026-13223

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS0.00257EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 3:16 p.m.11 views

CVE-2026-13222

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:8 p.m.32 views

CVE-2026-57536 Insufficient validation of payment status in pretix-mollie

Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment...

6.3CVSS0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:8 p.m.5 views

EUVD-2026-39415

Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:7 p.m.31 views

CVE-2026-13222 Insufficient validation of payment status in pretix-oppwa

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:3 p.m.3 views

EUVD-2026-39413

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:3 p.m.9 views

CVE-2026-13223

Affected component: pretix with Computop-based payment methods. Root cause: insufficient validation of payment status responses. Impact: an attacker could reuse a successful status for one payment to complete a different payment, gaining access to multiple valid tickets from a single payment. Thi...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:3 p.m.29 views

CVE-2026-13223 Insufficient validation of payment status in pretix-computop

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS0.00257EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 9:16 a.m.11 views

CVE-2026-56130

"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only whe...

2CVSS0.00224EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:44 a.m.7 views

CVE-2026-56130

"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only whe...

2CVSS5.9AI score0.00224EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/25 8:39 a.m.17 views

CVE-2026-53191

CVE-2026-53191 affects the Linux kernel io_uring/net path. In bundle recv retries (with incremental mode and provided buffer rings IOU_PBUF_RING_INC), a memory handling bug caused IORING_CQE_F_BUF_MORE to be dropped during flag merge, allowing the kernel to leave a stale BUF_MORE in carried flags...

7.8CVSS6AI score0.00138EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/25 7:40 a.m.8 views

BIT-PYTHON-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer...

8.2CVSS5.4AI score0.00433EPSS
Exploits0References10
OSV
OSV
added 2026/06/24 2:0 p.m.5 views

UBUNTU-CVE-2026-8932

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

7.5CVSS6AI score0.00368EPSS
Exploits1References3
OSV
OSV
added 2026/06/24 2:0 p.m.3 views

UBUNTU-CVE-2026-9545

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS5.7AI score0.00408EPSS
Exploits1References4
OSV
OSV
added 2026/06/24 2:0 p.m.7 views

UBUNTU-CVE-2026-11856

Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...

9.8CVSS5.9AI score0.01064EPSS
Exploits1References3
OSV
OSV
added 2026/06/24 2:0 p.m.3 views

UBUNTU-CVE-2026-8458

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different "services". libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS5.8AI score0.00543EPSS
Exploits1References4
OSV
OSV
added 2026/06/24 8:0 a.m.10 views

CURL-CVE-2026-8458 wrong reuse for different services

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different "services". libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS5.8AI score0.00543EPSS
Exploits1
Rows per page
Query Builder