Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

405 matches found

Vulnrichment
Vulnrichmentadded 2026/06/09 5:51 a.m.8 views

CVE-2026-41539 QTS, QuTS hero

A cross-site scripting XSS vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QTS...

8.7CVSS5.2AI score0.00193EPSS
Exploits0References1
CVE
CVEadded 2026/05/27 3:36 p.m.16 views

CVE-2026-44330

Summary (CVE-2026-44330): free5GC NEF’s nnef-pfdmanagement route group was found to be mounted without inbound OAuth2/bearer-token authorization, exposing read and write access to PFD data and subscriptions. Affected: free5GC v4.2.1 (NEF). Impact: an attacker who can reach the NEF SBI can read PF...

10CVSS5.9AI score0.00287EPSS
Exploits1References1Affected Software1
EUVD
EUVDadded 2026/04/10 12:30 a.m.1 views

EUVD-2026-21220

Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...

2.1CVSS5.9AI score0.00225EPSS
Exploits0References2
NVD
NVDadded 2026/04/09 10:16 p.m.4 views

CVE-2026-5778

Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...

6.5CVSS0.00225EPSS
Exploits0References1
OSV
OSVadded 2026/04/09 10:16 p.m.1 views

DEBIAN-CVE-2026-5778

Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...

6.5CVSS5.4AI score0.00225EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2026/04/09 10:16 p.m.3 views

CVE-2026-5778

Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...

6.5CVSS5.8AI score0.00225EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/04/09 9:45 p.m.0 views

CVE-2026-5778 Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path.

Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...

2.1CVSS5.8AI score0.00225EPSS
Exploits0References1
CVE
CVEadded 2026/04/09 9:45 p.m.10 views

CVE-2026-5778

CVE-2026-5778 affects wolfSSL packet sniffer (

6.5CVSS5.9AI score0.00225EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVEadded 2026/04/09 9:45 p.m.3 views

CVE-2026-5778

Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...

6.5CVSS5.4AI score0.00225EPSS
Exploits0
AlpineLinux
AlpineLinuxadded 2026/04/09 9:45 p.m.2 views

CVE-2026-5778

Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...

6.5CVSS5.4AI score0.00225EPSS
Exploits0
RedhatCVE
RedhatCVEadded 2026/04/08 9:24 a.m.2 views

CVE-2026-34582

A flaw was found in Botan, a C++ cryptography library. The TLS 1.3 implementation in Botan allows application data to be processed before the TLS handshake is fully completed. A remote attacker can exploit this by omitting critical client authentication messages, such as the Certificate,...

9.1CVSS5.9AI score0.00198EPSS
Exploits0References4
NVD
NVDadded 2026/04/07 10:16 p.m.6 views

CVE-2026-34582

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

9.1CVSS0.00198EPSS
Exploits0References1
OSV
OSVadded 2026/04/07 10:16 p.m.0 views

DEBIAN-CVE-2026-34582

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

9.1CVSS5.4AI score0.00198EPSS
Exploits0References1
OSV
OSVadded 2026/04/07 10:16 p.m.5 views

UBUNTU-CVE-2026-34582

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

9.1CVSS5.8AI score0.00198EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/04/07 9:13 p.m.19 views

CVE-2026-34582 Botan has a TLS 1.3 certificate authentication bypass

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

8.7CVSS0.00198EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/07 9:13 p.m.1 views

CVE-2026-34582

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

5.9AI score0.00198EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/04/07 9:13 p.m.2 views

EUVD-2026-19948

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

8.7CVSS5.9AI score0.00198EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/04/07 9:13 p.m.1 views

CVE-2026-34582 Botan has a TLS 1.3 certificate authentication bypass

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

8.7CVSS5.9AI score0.00198EPSS
Exploits0References1
AlpineLinux
AlpineLinuxadded 2026/04/07 9:13 p.m.4 views

CVE-2026-34582

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

9.1CVSS5.3AI score0.00198EPSS
Exploits0
Github Security Blog
Github Security Blogadded 2026/04/03 4:4 a.m.4 views

Signal K Server: Arbitrary Prototype Read via `from` Field Bypass

Summary The /signalk/v1/applicationData/... JSON-patch endpoint allows users to modify stored application data. To prevent Prototype Pollution, the developers implemented an isPrototypePollutionPath guard. However, this guard only checks the path property of incoming JSON-patch objects. It...

6.5CVSS6.5AI score0.00308EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder