47803 matches found

ATTACKERKB
added 2026/06/26 4:2 p.m., 7 views

CVE-2026-56823

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the POST /api/integrations/webhooks/webhookid/ping endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the...

CVSS 5.4, AI score 5.9, EPSS 0.0015
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2026/06/26 1:59 p.m., 2 views

SUSE-SU-2026:2662-1 Security update for openssl-3-livepatches

This update for openssl-3-livepatches fixes the following issues: CVE-2025-11187: Improper validation of PBMAC1 parameters in PKCS12 MAC verification (bsc#1256878). CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256876). CVE-2025-15468: NULL dereference in SSLCIPHERfi...

CVSS 9.8, AI score 7.2, EPSS 0.47621
Exploits: 7, References: 10

Hacker One
added 2026/06/26 8:40 a.m., 17 views

curl: mbedTLS / wolfSSL / rustls backends silently skip hostname verification when CURLOPT_SSL_VERIFYPEER=0

Summary: When an application sets CURLOPT_SSL_VERIFYPEER=0 while keeping CURLOPT_SSL_VERIFYHOST=2 (the default), the mbedTLS, wolfSSL, and rustls TLS backends silently skip the hostname-vs-certificate check. The OpenSSL, GnuTLS, and Schannel backends correctly preserve hostname checking under the same...

AI score 5.9
Exploits: 0

OSV
added 2026/06/26 2:16 a.m., 3 views

ALPINE-CVE-2026-48934

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS 4.3, AI score 6.1, EPSS 0.00258
Exploits: 0, References: 1

NVD
added 2026/06/26 2:16 a.m., 8 views

CVE-2026-48934

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS 4.3, EPSS 0.00258
Exploits: 0, References: 1

CVE
added 2026/06/26 1:27 a.m., 18 views

CVE-2026-13226

CVE-2026-13226 affects the Groundhogg WordPress plugin (CRM/Newsletters/Marketing Automation) up to version 4.5.4. It exposes a generic SQL Injection via the vulnerable 'after' parameter caused by insufficient escaping and lack of proper preparation in the existing SQL query. The issue allows aut...

CVSS 6.5, AI score 6, EPSS 0.00281
Exploits: 0, References: 8

EUVD
added 2026/06/26 1:14 a.m., 7 views

EUVD-2026-39612

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS 4.3, AI score 6.3, EPSS 0.00258
Exploits: 0, References: 1

Cvelist
added 2026/06/26 1:14 a.m., 38 views

CVE-2026-48934

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS 4.3, EPSS 0.00258
Exploits: 0, References: 1

ATTACKERKB
added 2026/06/26 1:14 a.m., 9 views

CVE-2026-48934

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS 4.3, AI score 6.4, EPSS 0.00258
Exploits: 0, References: 2, Affected Software: 1

EUVD
added 2026/06/26 12:32 a.m., 6 views

EUVD-2026-39565

HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated...

CVSS 2.1, AI score 5.8, EPSS 0.00147
Exploits: 0, References: 3

EUVD
added 2026/06/26 12:32 a.m., 4 views

EUVD-2026-39581

PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted...

CVSS 5.9, AI score 5.8, EPSS 0.00171
Exploits: 0, References: 3

Tenable Nessus
added 2026/06/26 12:0 a.m., 7 views

SUSE SLED15: libsolv-devel / libsolv-tools / libsolv-tools-base / libzypp / etc (SUSE-SU-2026:2590-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2590-1 advisory. This update for libsolv, libzypp, zypper fixes the following issues - CVE-2026-9149: Heap buffer overflow in...

CVSS 8.8, AI score 6.3, EPSS 0.006
Exploits: 0, References: 36

Tenable Nessus
added 2026/06/26 12:0 a.m., 12 views

Curl 7.81.0 < 8.21.0 Proto-Default Skips SSH Verification

The version of curl installed on the remote host is 7.81.0 prior to 8.21.0. It is, therefore, affected by an improper host validation vulnerability: - When a user invokes curl using a schemeless URL combined with --proto-default sftp, a disconnect occurs that erroneously bypasses the initializati...

AI score 5.9
Exploits: 0, References: 2

Tenable Nessus
added 2026/06/26 12:0 a.m., 8 views

Curl 8.11.0 < 8.21.0 HTTP/3 Early Data Information Disclosure

The version of curl installed on the remote host is 8.11.0 prior to 8.21.0. It is, therefore, affected by an information disclosure vulnerability: - When libcurl returns to a hostname with a cached SSL session and early data enabled, libcurl might send the request bytes before enforcing the...

AI score 5.8
Exploits: 0, References: 2

OSV
added 2026/06/25 10:17 p.m., 3 views

DEBIAN-CVE-2026-6331

HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated...

CVSS 7.5, AI score 5.8, EPSS 0.00147
Exploits: 0, References: 1

OSV
added 2026/06/25 10:17 p.m., 2 views

DEBIAN-CVE-2026-6329

PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...

CVSS 6.5, AI score 5.8, EPSS 0.0016
Exploits: 0, References: 1

NVD
added 2026/06/25 10:17 p.m., 6 views

CVE-2026-6329

PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...

CVSS 6.5, EPSS 0.0016
Exploits: 0, References: 2

CVE
added 2026/06/25 9:32 p.m., 14 views

CVE-2026-7511

Technical details are not publicly available in the provided documents for CVE-2026-7511. Monitor for updates from vendors and CERT advisories to learn affected products, versions, impact, and remediation.

CVSS 7.5, AI score 5.8, EPSS 0.00171
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2026/06/25 9:2 p.m., 14 views

CVE-2026-6329

CVE-2026-6329 describes a vulnerability in PKCS#12 MAC verification in wolfSSL where the verification uses an attacker-controlled comparison length. The PKCS#12 verify path compares the locally computed HMAC against the MAC parsed from the PKCS#12 structure using a length taken directly from atta...

CVSS 6.5, AI score 5.9, EPSS 0.0016
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2026/06/25 9:2 p.m., 26 views

CVE-2026-6329 PKCS#12 MAC verification uses attacker-controlled comparison length

PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...

CVSS 6, EPSS 0.0016
Exploits: 0, References: 2