Lucene search
K

27013 matches found

Cvelist
Cvelist
added 2026/03/30 11:2 a.m.22 views

CVE-2018-25233 WebDrive 18.00.5057 Denial of Service via Secure WebDAV

WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in the username...

6.9CVSS0.00206EPSS
Exploits1References4
NVD
NVD
added 2026/03/30 7:15 a.m.3 views

CVE-2026-5119

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS0.00254EPSS
Exploits1References17
Vulnrichment
Vulnrichment
added 2026/03/30 5:35 a.m.2 views

CVE-2026-5119 Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

5.9CVSS5.9AI score0.00254EPSS
Exploits1References16
Cvelist
Cvelist
added 2026/03/30 5:35 a.m.33 views

CVE-2026-5119 Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

5.9CVSS0.00254EPSS
Exploits1References17
Debian CVE
Debian CVE
added 2026/03/30 5:35 a.m.2 views

CVE-2026-5119

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.3AI score0.00254EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.5 views

PT-2026-29019

🚨 CVE-2018-25233 WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in...

6.9CVSS5.8AI score0.00206EPSS
Exploits1References6
Packet Storm News
Packet Storm News
added 2026/03/30 12:0 a.m.3 views

Study of Post Quantum Status of Widely Used Protocols

The advent of quantum computing poses significant threats to classical public-key cryptographic primitives such as RSA and elliptic-curve cryptography. As many critical network and security protocols depend on these primitives for key exchange and authentication, there is an urgent need to...

6AI score
Exploits0
Cvelist
Cvelist
added 2026/03/29 12:22 a.m.30 views

CVE-2026-4851 GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization

GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization. GRID::Machine provides Remote Procedure Calls RPC over SSH for Perl. The client connects to remote hosts to execute code on them. A compromised or malicious remote host can execute arbitrary...

0.0047EPSS
Exploits0References1
Fedora
Fedora
added 2026/03/28 1:7 a.m.5 views

[SECURITY] Fedora 42 Update: php-phpseclib-2.0.52-1.fc42

MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS1 v2.1 compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509...

8.2CVSS5.8AI score0.00374EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/28 12:26 a.m.3 views

SUSE CVE-2026-32811

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. When using Heimdall in envoy gRPC decision API mode with versions 0.7.0-alpha through 0.17.10, wrong encoding of the query URL string allows rules with non-wildcard path expressions to be bypassed. Envoy splits t...

8.2CVSS5.7AI score0.003EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:26 a.m.3 views

SUSE CVE-2026-32879

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...

4.9CVSS5.9AI score0.00289EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-27855

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP...

6.8CVSS5.8AI score0.00338EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2026/03/28 12:0 a.m.4 views

Security update for 389-ds (important)

openSUSE security update: security update for 389-ds ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20415-1 Rating: important References: bsc1258727 Cross-References: CVE-2025-14905 CVSS scores: CVE-2025-14905 SUSE : 7.2...

8.6CVSS6.1AI score0.01038EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.2 views

CVE-2026-33632

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.4, two file operation event types — ESEVENTTYPEAUTHEXCHANGEDATA and ESEVENTTYPEAUTHCLONE — were not intercepted by ClearanceKit's opfilter system extension, allowing local...

8.4CVSS5.9AI score0.00101EPSS
Exploits0References1
OSV
OSV
added 2026/03/27 5:45 p.m.2 views

BIT-NATS-2026-33216 NATS has MQTT plaintext password disclosure

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are incorrectly classified as a non-authenticating identity statement JWT and exposed via monitoring...

8.6CVSS5.9AI score0.00365EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/27 2:24 p.m.9 views

CVE-2021-27562

In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode...

5.5CVSS6.9AI score0.03093EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/03/27 12:26 p.m.4 views

Security update for docker-stable

This update for docker-stable fixes the following issues: CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption bsc1253904. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupda...

9.9CVSS7AI score0.16496EPSS
Exploits1References16
Rockylinux
Rockylinux
added 2026/03/27 12:7 p.m.6 views

yggdrasil security update

An update is available for yggdrasil. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list yggdrasil is a system daemon that subscribes to topics on an MQTT broker a...

10CVSS6AI score0.01945EPSS
Exploits3
EUVD
EUVD
added 2026/03/27 9:31 a.m.5 views

EUVD-2026-16563

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

6.8CVSS5.9AI score0.00338EPSS
Exploits1References2
OSV
OSV
added 2026/03/27 9:16 a.m.8 views

ALPINE-CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

5.9CVSS5.9AI score0.00338EPSS
Exploits1References1
Rows per page
Query Builder