Lucene search
K

5687 matches found

CVE
CVE
added 2026/05/13 8:27 a.m.51 views

CVE-2026-4873

CVE-2026-4873 is a TLS-reuse issue observed in curl-related advisories. The vulnerability arises when a TLS-requiring connection reuses an existing unencrypted connection from the same pool: if the initial transfer is unencrypted (e.g., via IMAP, SMTP, or POP3), a subsequent request to the same h...

5.9CVSS5.8AI score0.00329EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2026/05/13 8:27 a.m.5 views

CVE-2026-4873

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...

5.9CVSS5.8AI score0.00329EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/05/13 8:27 a.m.5 views

CVE-2026-4873

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...

5.9CVSS5.8AI score0.00329EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/13 8:27 a.m.8 views

CVE-2026-4873 connection reuse ignores TLS requirement

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...

5.8AI score0.00329EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

curl 安全漏洞

curl is an open-source tool developed by cURL, used for transferring data from or to a server. Curl has a security vulnerability, which stems from a logic error in connection reuse. This error may cause TLS-enabled connections to incorrectly reuse existing unencrypted connections, resulting in da...

5.9CVSS5.8AI score0.00329EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.18 views

Arqit Symmetric Key Agreement Platform 安全漏洞

The Arqit Symmetric Key Agreement Platform is a quantum-safe key negotiation platform developed by Arqit Corporation. Versions prior to 26.03 of the Arqit Symmetric Key Agreement Platform contained security vulnerabilities. These vulnerabilities stemmed from exposing the QKEY and internal system...

8.7CVSS5.8AI score0.00208EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.23 views

PT-2026-40762

Exposure of the QKEY used as input into the ‘OTA-Quantum’ device registration process and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03...

8.7CVSS5.8AI score0.00208EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.6 views

sealed-env 信息泄露漏洞

Sealed-Env is a cross-platform zero-trust key management library developed by David Almeida. It supports encrypted storage and TOTP verification. Versions of Sealed-Env from 0.1.0-alpha.1 to 0.1.0-alpha.3 contained information leakage vulnerabilities. These vulnerabilities stemmed from the fact...

9.1CVSS5.8AI score0.00326EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.9 views

Catalyst::Plugin::Statsd 安全漏洞

Catalyst::Plugin::Statsd is a plugin module by Robert Rothenberg, an individual developer, for capturing application runtime metrics and sending them to a statistics system. A security vulnerability exists in Catalyst::Plugin::Statsd 0.10.0 and earlier versions, which stems from an unencrypted...

7.5CVSS5.8AI score0.00244EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

Plack::Middleware::Statsd 安全漏洞

Plack::Middleware::Statsd is a middleware component for logging web request metrics and sending them to a statistics system by Robert Rothenberg, an individual developer. A security vulnerability exists in Plack::Middleware::Statsd prior to version 0.9.0, which stems from an unencrypted...

5.3CVSS5.8AI score0.00219EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.30 views

Ruby net-imap < 0.3.10 / 0.4.x < 0.4.24 / 0.5.x < 0.5.14 / 0.6.x < 0.6.4 vulnerability

The version of the net-imap Ruby library installed on the remote host is prior to 0.3.10, 0.4.x prior to 0.4.24, 0.5.x prior to 0.5.14, or 0.6.x prior to 0.6.4. It is, therefore, affected by a man-in-the-middle vulnerability. A flaw in the Net::IMAPstarttls function allows a man-in-the-middle...

7.6CVSS5.8AI score0.00324EPSS
Exploits0References2
Fedora
Fedora
added 2026/05/06 4:48 p.m.9 views

[SECURITY] Fedora 43 Update: krb5-1.22.2-4.fc43

Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form...

5.9CVSS5.8AI score0.00461EPSS
Exploits0
EUVD
EUVD
added 2026/05/06 12:30 p.m.6 views

EUVD-2025-209663

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...

3.7CVSS5.8AI score0.00088EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 11:16 a.m.27 views

CVE-2025-59852

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...

9.1CVSS0.00088EPSS
Exploits0References1
CVE
CVE
added 2026/05/06 10:25 a.m.20 views

CVE-2025-59852

CVE-2025-59852 affects HCL DFXAnalytics. The vulnerability is described as Insufficient Transport Layer Protection, where data is transmitted over the network without encryption, potentially compromising the confidentiality, integrity, and authentication of sensitive information. The available do...

9.1CVSS5.8AI score0.00088EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.9 views

PT-2026-37440

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...

3.7CVSS5.8AI score0.00088EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.19 views

RHCOS 3 : OpenShift Container Platform 3.11 (RHSA-2019:2817)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2817 advisory. - HTTP/2: flood using PING frames results in unbounded memory growth CVE-2019-9512 - HTTP/2: flood using HEADERS frames results in...

7.8CVSS7.1AI score0.83433EPSS
Exploits1References7
OSV
OSV
added 2026/04/29 2:0 p.m.2 views

UBUNTU-CVE-2026-4873

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...

5.9CVSS5.8AI score0.00329EPSS
Exploits1References4
OSV
OSV
added 2026/04/29 8:0 a.m.10 views

CURL-CVE-2026-4873 connection reuse ignores TLS requirement

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...

5.9CVSS5.4AI score0.00329EPSS
Exploits1
curl security advisories
curl security advisories
added 2026/04/29 8:0 a.m.15 views

connection reuse ignores TLS requirement

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...

5.9CVSS5.2AI score0.00329EPSS
Exploits1References1Affected Software2
Rows per page
Query Builder