Lucene search
K

124 matches found

RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.10 views

CVE-2026-9742

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

8.2CVSS5.5AI score0.00347EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 12:31 a.m.17 views

EUVD-2026-35860

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

8.2CVSS5.5AI score0.00347EPSS
Exploits0References2
OSV
OSV
added 2026/06/09 11:17 p.m.4 views

UBUNTU-CVE-2026-9742

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

8.2CVSS5.3AI score0.00347EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 9:57 p.m.6 views

CVE-2026-9742 Authenticate command with specific mechanism parameter can trigger server crash

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

8.2CVSS5.5AI score0.00347EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-48290

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description When OIDC OpenID Connect, an identity layer on top of the OAuth 2.0 protocol authentication is enabled in the configuration, unauthenticated clients can cause a...

8.2CVSS5.4AI score0.00347EPSS
Exploits0References8
Snyk
Snyk
added 2026/05/22 5:32 a.m.7 views

Allocation of Resources Without Limits or Throttling

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the public key parsers. An attacker can exhaust CPU resources by submitting crafted RSA or DSA public keys with excessively...

7.5CVSS5.8AI score0.00389EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/19 2:36 p.m.6 views

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in the GenFileChangeEvents handler. An attacker can obtain continuous access to sensitive file and directory information by connecting to the SSE endpoint without authentication. Remediation...

6.9CVSS5.8AI score
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/19 2:12 a.m.95 views

MC-271325-PoC

Status trailing-byte log amplification MC-271325 Unauthenti...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.4 views

CVE-2026-32062

OpenClaw versions2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attackers can hold idle pre-authenticated sockets open ...

8.7CVSS5.8AI score0.00426EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.5 views

PT-2026-24946

The Simple Ajax Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'c' parameter in versions up to, and including, 20260217 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

6.1CVSS5.9AI score0.00172EPSS
Exploits0References4
OSV
OSV
added 2026/03/11 2:16 p.m.4 views

CVE-2026-32062

OpenClaw versions2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attackers can hold idle pre-authenticated sockets open ...

7.5CVSS5.8AI score
Exploits0References3
EUVD
EUVD
added 2026/03/06 7:34 p.m.5 views

EUVD-2026-10064

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication in Wekan publishes all integration data for a board without any field filtering, exposing sensitive fields including webhook URLs and authentication tokens to any subscriber...

6.9CVSS5.7AI score0.00291EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/02/10 12:25 a.m.5 views

SUSE CVE-2026-1709

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.4CVSS5.5AI score0.0575EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/02/08 12:0 a.m.5 views

FreeBSD : traefik -- ACME TLS-ALPN fast path potential DoS (1a82bf18-0417-11f1-be6f-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1a82bf18-0417-11f1-be6f-5404a68ad561 advisory. The traefik project reports: There is a potential vulnerability in Traefik ACME TLS certificates'...

7.5CVSS5.6AI score0.00321EPSS
Exploits0References3
PyPA
PyPA
added 2026/02/06 8:16 p.m.7 views

PYSEC-2026-74

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.8CVSS5.7AI score0.0575EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.5 views

Azure Linux 3.0 Security Update: valkey (CVE-2025-21605)

The version of valkey installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21605 advisory. - Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to...

7.5CVSS5.9AI score0.00824EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/16 9:5 a.m.4 views

CVE-2026-22045

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This vulnerability exists in the ACME TLS-ALPN fast path, where unauthenticated clients can exploit it. By initiating numerous connections and sending a minimal ClientHello with "acme-tls/1" before ceasing communication, a...

7.5CVSS6.1AI score0.00321EPSS
Exploits0References7
NVD
NVD
added 2026/01/15 11:15 p.m.5 views

CVE-2026-22045

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up go routines and file descriptors indefinitely when the...

7.5CVSS0.00321EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/01/15 10:58 p.m.8 views

Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall

Impact There is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up goroutines and file descriptors indefinitely when the ACME TLS challenge is enabled. A malicious client can open many...

7.5CVSS7AI score0.00321EPSS
Exploits0References6Affected Software2
Cvelist
Cvelist
added 2026/01/15 10:44 p.m.19 views

CVE-2026-22045 Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up go routines and file descriptors indefinitely when the...

5.9CVSS0.00321EPSS
Exploits0References4
Rows per page
Query Builder