Lucene search
K

948 matches found

CVE
CVE
added 2 days ago15 views

CVE-2026-13461

CVE-2026-13461 affects PayRange Android app v7.0.7 where, when paired with an SSL-bypass vulnerability, JavaScript can be injected into the WebView, allowing sandbox escape and dangerous actions on the user device. The underlying issue is WebView JavaScript injection enabled by a compromised TLS ...

9.6CVSS6AI score0.00199EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-42635

When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device...

6AI score0.00199EPSS
Exploits0References2
OSV
OSV
added 2026/07/03 12:0 a.m.5 views

UBUNTU-CVE-2026-55952

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS6.1AI score0.00487EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/07/02 4:6 p.m.36 views

CVE-2026-54891 Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tlsgenconnection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data. The...

6.3CVSS0.00135EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 4:6 p.m.4 views

EEF-CVE-2026-54891 Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl

Summary Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tls\gen\connection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server...

6.3CVSS5.8AI score0.00135EPSS
Exploits0References4
NVD
NVD
added 2026/06/30 11:17 p.m.4 views

CVE-2026-14103

Use after free in SSL in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

6.5CVSS0.00247EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.7 views

CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages

Impact The attacker, with one captured signed SOAP envelope from a victim and no other privileges, can invoke arbitrary operations on the service as the victim principal for the lifetime of the captured signing key. There is no rate limit on replays. The DetectReplays setting on transport-securit...

7.4CVSS6AI score0.00143EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/18 4:12 p.m.11 views

EUVD-2026-37909

The Webmin HTTP server miniserv.pl allows unauthenticated attackers to impersonate any user with a configured SSL client certificate by sending a forged HTTP header. A remote attacker can spoof certificate DNs and authenticate as any user. Fixed in 2.641...

9.2CVSS5.3AI score0.00285EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/10 12:31 a.m.11 views

EUVD-2026-35898

Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri"amqps://..." without also calling setUseSSLtrue get TLS encryption with no certificate validation and no hostname verification. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1....

4CVSS5.5AI score0.00132EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.12 views

OpenSSL Toolkit 4.0.1

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 4.0 release...

9.8CVSS5.4AI score0.02719EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.12 views

OpenSSL Toolkit 3.6.3

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.6 release...

9.8CVSS5.4AI score0.02719EPSS
Exploits0
Redos
Redos
added 2026/06/09 12:0 a.m.10 views

ROS-20260609-73-0009

The vulnerability of the ngxhttpsslmodule module in NGINX Plus and NGINX Open Source web servers is related to the use of memory after deallocation. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality and accessibility of protected information...

6.3CVSS5.5AI score0.00677EPSS
Exploits0
OSV
OSV
added 2026/06/08 1:54 p.m.9 views

JLSEC-2026-606

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

7.5CVSS5.4AI score0.00471EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.17 views

CVE-2026-3829

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'wplebasicgetrequests' function in all versions up to, and including, 7.8.5.10. This makes...

5.4CVSS5.5AI score0.00202EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 1:40 a.m.22 views

CVE-2026-41860

CVE-2026-41860 affects BOSH prior to v282.1.9. The root cause is CWE-326: HttpRequestHelper#create_async_endpoint and #send_http_get_request_synchronous hard-code OpenSSL::SSL::VERIFY_NONE, enabling a local attacker to perform a MITM and intercept credentials or redirect UAA token requests betwee...

8.8CVSS5.8AI score0.00074EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.10 views

Ubuntu 25.10 / 26.04 LTS : CRaC JDK 17 vulnerabilities (USN-8332-1)

The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8332-1 advisory. Thomas Beckers discovered that the JAXP component of CRaC JDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker...

7.5CVSS7.3AI score0.00702EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/01 12:0 a.m.18 views

Ubuntu 25.10 / 26.04 LTS : CRaC JDK 25 vulnerabilities (USN-8334-1)

The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8334-1 advisory. Thomas Beckers discovered that the JAXP component of CRaC JDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker...

7.5CVSS7.3AI score0.00702EPSS
Exploits0References10
OSV
OSV
added 2026/05/28 12:5 p.m.15 views

USN-8334-1 openjdk-25-crac vulnerabilities

Thomas Beckers discovered that the JAXP component of CRaC JDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...

7.5CVSS7.3AI score0.00702EPSS
Exploits0References10
OSV
OSV
added 2026/05/28 12:1 p.m.17 views

USN-8333-1 openjdk-21-crac vulnerabilities

Thomas Beckers discovered that the JAXP component of CRaC JDK 21 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...

7.5CVSS5.8AI score0.00702EPSS
Exploits0References9
OSV
OSV
added 2026/05/28 6:12 a.m.16 views

USN-8327-1 openjdk-17 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

7.5CVSS5.9AI score0.00702EPSS
Exploits0References9
Rows per page
Query Builder