24 matches found

OSV (added 2026/05/26 2:17 p.m., 6 views)

JLSEC-2026-518

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS...

CVSS 7.4 · AI score 7.1 · EPSS 0.01213
Exploits 3 · References 20
EUVD (added 2026/05/19 8:24 p.m., 4 views)

EUVD-2025-209900

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service (DoS) vulnerability in the title input functionality due to a lack of proper length validation. This flaw allows an attacker to cause an Ou...

CVSS 5.5 · AI score 5.7 · EPSS 0.00102
Exploits 0 · References 2
CNNVD (added 2026/05/19 12:00 a.m., 5 views)

Joplin Security Vulnerability

Joplin is an open-source note-taking and to-do application developed by Laurent Cozic. Joplin versions 3.6.14 and earlier contain a security vulnerability. This vulnerability stems from insufficient length validation in the title input function, allowing attackers to exploit it by inserting...

CVSS 5.5 · AI score 5.8 · EPSS 0.00102
Exploits 0 · References 1
Snyk (added 2026/05/04 4:12 a.m., 2 views)

Missing Authentication for Critical Function

Overview: prefect is a new workflow management system, designed for modern infrastructure and powered by the open-source Prefect Core workflow engine. Users organize Tasks into Flows, and Prefect takes care of the rest. Affected versions of this package are vulnerable to Missing...

CVSS 7.5 · AI score 5.8 · EPSS 0.00147
Exploits 0 · References 2
Cvelist (added 2026/05/04 2:30 a.m., 33 views)

CVE-2026-7723 PrefectHQ prefect WebSocket Endpoint in missing authentication

A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be...

CVSS 7.5 · EPSS 0.00147
Exploits 0 · References 8
CVE (added 2026/04/30 8:39 p.m., 33 views)

CVE-2026-41263

CVE-2026-41263 affects Traefik's BasicAuth middleware. A timing side-channel allows an attacker to enumerate valid usernames by measuring response times, because the constant-time fallback secret resolves to an empty string, causing the bcrypt check to short-circuit quickly. Vulnerable versions a...

CVSS 6.3 · AI score 5.3 · EPSS 0.00022
Exploits 0 · References 4 · Affected software 1
CNNVD (added 2026/04/30 12:00 a.m., 8 views)

Traefik Security Vulnerability

Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions prior to Traefik 2.11.43, 3.6.14, and 3.7.0-rc.2 contain security vulnerabilities. These vulnerabilities stem from variables used in the BasicAuth middleware for constant-time comparisons, which are...

CVSS 6.3 · AI score 5.8 · EPSS 0.00022
Exploits 0 · References 1
Snyk (added 2026/04/24 8:36 p.m., 1 view)

Timing Attack

Overview: Affected versions of this package are vulnerable to Timing Attack via the BasicAuth process. An attacker can enumerate valid usernames by measuring authentication response times, exploiting differences in processing between existing and non-existing users. Remediation: Upgrade...

CVSS 6.3 · AI score 5.5 · EPSS 0.00022
Exploits 0 · References 2
Snyk (added 2026/04/24 4:31 p.m., 2 views)

Insufficient Verification of Data Authenticity

Overview: Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...

CVSS 10 · AI score 5.5 · EPSS 0.00025
Exploits 1 · References 2
Positive Technologies (added 2026/04/24 12:00 a.m., 2 views)

PT-2026-36179

Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 2.11.43; Traefik versions prior to 3.6.14; Traefik versions prior to 3.7.0-rc.2. Description: An authentication bypass exists in the StripPrefixRegex middleware when used with ForwardAuth, BasicAuth, or DigestAuth. The...

CVSS 10 · AI score 5.8 · EPSS 0.00098
Exploits 4 · References 18
Tenable Nessus (added 2026/01/20 12:00 a.m., 0 views)

MiracleLinux 8 : gnutls-3.6.14-7.0.1.el8 (AXSA:2021-1156:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1156:01 advisory. gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659). Tenable has extracted the preceding description block directly from...

CVSS 7.5 · AI score 7.8 · EPSS 0.03633
Exploits 1 · References 2
Vulnrichment (added 2025/12/09 8:19 p.m., 2 views)

CVE-2025-66626 argoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic links

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4 contain unsafe untar code that handles symbolic links in archives. Concretely, the computation of a link's target and the...

CVSS 8.1 · AI score 6.6 · EPSS 0.00089
Exploits 1 · References 4
OSV (added 2024/03/06 11:05 a.m., 45 views)

BIT-PYTHON-2022-0391

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...

CVSS 7.5 · AI score 6.7 · EPSS 0.01214
Exploits 1 · References 10
Tenable Nessus (added 2024/01/22 12:00 a.m., 8 views)

Slackware Linux 15.0 / current postfix Vulnerability (SSA:2024-022-01)

The version of postfix installed on the remote host is prior to 3.6.14 / 3.8.5. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-022-01 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

AI score 5.6
Exploits 0 · References 1
Positive Technologies (added 2023/08/18 12:00 a.m., 3 views)

PT-2023-21218 · Phplist

Name of the Vulnerable Software and Affected Versions: phpList versions prior to 3.6.14. Description: An issue was discovered due to an access error, allowing manipulation and editing of the system's super admin data, which enables an account takeover of the user with super-admin permission...

CVSS 6.7 · AI score 7.5 · EPSS 0.0001
Exploits 1 · References 8
OSV (added 2023/05/30 12:20 p.m., 5 views)

SUSE-SU-2023:2320-1 Security update for wireshark

This update for wireshark fixes the following issues: Updated to version 3.6.14: - CVE-2023-2855: Fixed a crash in the Candump log file parser (boo#1211703). - CVE-2023-2856: Fixed a crash in the VMS TCPIPtrace file parser (boo#1211707). - CVE-2023-2857: Fixed a crash in the BLF file parser (boo#1211705)....

CVSS 8.8 · AI score 6.7 · EPSS 0.08665
Exploits 6 · References 13
Tenable Nessus (added 2023/05/25 12:00 a.m., 35 views)

Wireshark 3.6.x < 3.6.14 Multiple Vulnerabilities

The version of Wireshark installed on the remote Windows host is prior to 3.6.14. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-3.6.14 advisory. - XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packe...

CVSS 7.5 · AI score 7.1 · EPSS 0.02494
Exploits 7 · References 22
OpenVAS (added 2022/09/01 12:00 a.m., 24 views)

Python < 3.6.14, 3.7.x < 3.7.11, 3.8.x < 3.8.9, 3.9.x < 3.9.3 (bpo-43285) - Mac OS X

Python is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

CVSS 5.3 · AI score 7.2 · EPSS 0.01057
Exploits 0 · References 2
OpenVAS (added 2022/02/14 12:00 a.m., 23 views)

Python urllib.parse Vulnerability (bpo-43882) - Mac OS X

Python is prone to a vulnerability in urllib.parse. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...

CVSS 7.5 · AI score 7.8 · EPSS 0.01214
Exploits 1 · References 2