Lucene search
K

880 matches found

AlpineLinux
AlpineLinux
added 2026/05/06 6:13 p.m.9 views

CVE-2026-7996

Insufficient validation of untrusted input in SSL in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.2CVSS5.8AI score0.00172EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/05/06 4:29 p.m.94 views

trying-to-make-a-website-scanner

trying-to-make-a-website-scanner Web Vulnerability Scanner —...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-38189

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description Insufficient validation of untrusted input in SSL allows a remote attacker who has compromised the renderer process to perform UI spoofing using a crafted HTML page. Recommendations...

9.6CVSS5.8AI score0.00344EPSS
Exploits0References136
Packet Storm News
Packet Storm News
added 2026/05/04 12:0 a.m.16 views

Hydra Network Logon Cracker 9.7

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus...

5.8AI score
Exploits0
Redos
Redos
added 2026/04/29 12:0 a.m.8 views

ROS-20260429-73-0042

A vulnerability in the ngxstreamsslmodule module of the NGINX Plus and NGINX Open Source HTTP server is related to a flaw in the authorization procedure. Exploitation of the vulnerability may allow a remote intruder to bypass security restrictions and gain unauthorized access to protected...

5.4CVSS5.4AI score0.00133EPSS
Exploits0
OSV
OSV
added 2026/04/28 12:31 a.m.5 views

GHSA-MQVW-JFMH-93QQ Spring Boot's Cassandra SSL auto-configuration disables TLS hostname verification

Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15 fix 3.4.16, 3.3.0–3.3.18 fix 3.3.19, 2.7.0–2.7.32 fix 2.7.33; Cassandra SSL...

5CVSS5.8AI score0.00182EPSS
Exploits0References3
NVD
NVD
added 2026/04/28 12:16 a.m.6 views

CVE-2026-40974

Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15 fix 3.4.16, 3.3.0–3.3.18 fix 3.3.19, 2.7.0–2.7.32 fix 2.7.33; Cassandra SSL...

9.8CVSS0.00182EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.11 views

Milesight AIOT cameras 安全漏洞

Milesight AIOT cameras are a series of intelligent monitoring cameras developed by the Chinese company Milesight, which integrates artificial intelligence and IoT technologies. There are security vulnerabilities in Milesight AIOT cameras, and these vulnerabilities stem from the use of SSL...

9.8CVSS5.8AI score0.00218EPSS
Exploits0References1
NVD
NVD
added 2026/04/27 11:16 p.m.31 views

CVE-2026-40971

When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14 per vendor advisory...

9.1CVSS0.00157EPSS
Exploits0References1
OSV
OSV
added 2026/04/27 10:45 p.m.1 views

CVE-2026-40971

When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14 per vendor advisory...

5CVSS6AI score0.00157EPSS
Exploits0References3
OSV
OSV
added 2026/04/27 9:31 p.m.9 views

GHSA-C96X-RPM4-349P Spring Boot's Elasticsearch auto-configuration doesn't perform hostname verification when connecting to the Elasticsearch server.

When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory...

5CVSS5.8AI score0.00136EPSS
Exploits0References4
CVE
CVE
added 2026/04/27 1:12 p.m.22 views

CVE-2026-40557

Summary: CVE-2026-40557 affects Apache Storm Prometheus Reporter (versions 2.6.3–2.8.6). The issue stems from PrometheusPreparableReporter implementing an INSECURE_TRUST_MANAGER and, when storm.daemon.metrics.reporter.plugin.prometheus.skip_tls_validation is enabled, triggering SSLContext.setDefa...

4.8CVSS5.2AI score0.00193EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.9 views

PT-2026-35569

Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys...

9.8CVSS5.2AI score0.00218EPSS
Exploits0References7
OSV
OSV
added 2026/04/21 4:24 p.m.9 views

CLSA-2026-1776788664 perl: Fix of CVE-2023-31486

CVE-2023-31486: add verifySSL=1 to HTTP::Tiny default configuration...

8.1CVSS6.9AI score0.01742EPSS
Exploits0References1
NVD
NVD
added 2026/04/16 3:16 a.m.8 views

CVE-2026-41015

radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git not a release, the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1...

7.4CVSS0.01156EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/04/16 3:16 a.m.4 views

CVE-2026-41015

radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git not a release, the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1...

7.4CVSS5.9AI score0.01156EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.10 views

PT-2026-33247

radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git not a release, the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1...

7.4CVSS5.9AI score0.01156EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.12 views

Radare2 安全漏洞

Radare2 is an open-source reverse framework for Unix geeks developed by Radare. Versions of Radare2 prior to 9236f44 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of PDB names when SSL was not enabled, which could lead to command injection attacks...

7.4CVSS5.8AI score0.01156EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/04/14 12:0 a.m.6 views

OpenSSL Toolkit 4.0.0

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 4.0 release...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/10 9:26 p.m.6 views

CVE-2026-39304

A flaw was found in Apache ActiveMQ Client, Apache ActiveMQ Broker, and Apache ActiveMQ. A remote attacker can exploit this vulnerability by rapidly triggering Transport Layer Security TLS version 1.3 handshake KeyUpdates. This improper handling of KeyUpdates causes the broker to exhaust its memo...

7.5CVSS5.7AI score0.00896EPSS
Exploits0References4
Rows per page
Query Builder