Lucene search
K

149 matches found

OSV
OSV
added 2026/07/06 6:26 a.m.5 views

OESA-2026-2821 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

7.5CVSS6.6AI score0.03782EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2026/06/30 3:45 p.m.6 views

K000161969: Go vulnerability CVE-2025-58189

Security Advisory Description When Conn.Handshake fails during Application-Layer Protocol Negotiation ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped. CVE-2025-58189 Impact An attacker may be able to inject controlled...

5.3CVSS6.5AI score0.00443EPSS
Exploits0Affected Software3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52591

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where SNI Server Name Indication and ALPN Application-Layer Protocol Negotiation bindings are missing during stateful session-ID resumption. This...

7.5CVSS5.7AI score0.0021EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability in Node.js

A flaw in Node.js’ TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback is used. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling mechanisms such as tlsClientError and error, causing either...

7.5CVSS7.1AI score0.01056EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Thunderbird, Firefox

When using Alt-Svc, ALPN failed to properly validate certificates when the original server was redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...

4CVSS6.7AI score0.00226EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/05 9:52 a.m.212 views

Exploit for Double Free in Apache Http_Server

☣️ CVE-2026-23918-Elite-Auditor ☣️ Professional Intelligenc...

8.8CVSS5.8AI score0.4581EPSS
Exploits16
OSV
OSV
added 2026/04/17 6:31 a.m.66 views

GHSA-8R5M-3F66-QPR3 HashiCorp Vault has Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS

Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0,...

5.3CVSS5.7AI score0.00332EPSS
Exploits0References3
NVD
NVD
added 2026/04/17 4:16 a.m.29 views

CVE-2026-5052

Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0,...

8.6CVSS0.00332EPSS
Exploits0References1
CVE
CVE
added 2026/04/17 2:55 a.m.257 views

CVE-2026-5052

Vault’s PKI engine ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges, creating potential SSRF and information disclosure against internal targets. The issue affects Vault Community Edition up to 2.0.0 and Vault Enterprise up to 2.0.0, as well as 1.21.5, ...

8.6CVSS5.8AI score0.00332EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/17 2:55 a.m.5 views

CVE-2026-5052 Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS

Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0,...

5.3CVSS5.8AI score0.00332EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 5:14 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security bypass in Golang Go - crypto/tls (CVE-2025-58189)

Summary IBM Watson Speech Services Cartridge is vulnerable to a security bypass in Golang Go - crypto/tls, due to Conn.Handshake fails during ALPN negotiation CVE-2025-58189. Golang Go - crypto/tls is used in our speech-utilities. This vulnerabilitiy has been addressed. Please read the details fo...

5.3CVSS7AI score0.00443EPSS
Exploits0Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/04/14 2:0 p.m.15 views

HackerOne: CVE-2026-21637 TLS PSK/ALPN Callback Exceptions Bypass Error Handlers

CVE-2026-21637 is regarding a vulnerability in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError...

7.5CVSS7.1AI score0.01056EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/13 2:27 a.m.6 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS7AI score0.01056EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/05 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-31931

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the tls.alpn rule keyword can cause Suricata to crash with a...

7.5CVSS7AI score0.00351EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/04/03 11:25 p.m.4 views

SUSE CVE-2026-31931

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4...

7.5CVSS5.7AI score0.00351EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/02 4:43 p.m.4 views

CVE-2026-31931

A flaw was found in Suricata, a network Intrusion Detection System IDS, Intrusion Prevention System IPS, and Network Security Monitoring NSM engine. An attacker could trigger a null dereference by using the "tls.alpn" rule keyword, causing the Suricata engine to crash. This vulnerability leads to...

7.5CVSS5.8AI score0.00351EPSS
Exploits0References5
NVD
NVD
added 2026/04/02 2:16 p.m.9 views

CVE-2026-31931

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4...

7.5CVSS0.00351EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/02 2:1 p.m.6 views

CVE-2026-31931

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4...

7.5CVSS5.8AI score0.00351EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/02 2:1 p.m.18 views

CVE-2026-31931 Suricata tls: null dereference in tls.alpn rule keyword

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4...

7.5CVSS0.00351EPSS
Exploits0References2
CVE
CVE
added 2026/04/02 2:1 p.m.46 views

CVE-2026-31931

CVE-2026-31931 affects Suricata (network IDS/IPS/NSM). From version 8.0.0 up to but not including 8.0.4, using the tls.alpn rule keyword can cause a NULL dereference, potentially crashing the process. The issue has been patched in version 8.0.4 . Environment impact is primarily availability (A), ...

7.5CVSS5.8AI score0.00351EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder