CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

280 matches found

Vulnrichment•added 2025/10/29 10:10 p.m.•4 views

CVE-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

6.3AI score0.00405EPSS

Exploits0References4

Debian CVE•added 2025/10/29 10:10 p.m.•3 views

CVE-2025-58189

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

5.3CVSS8.1AI score0.00405EPSS

Exploits0

CNNVD•added 2025/10/29 12:0 a.m.•1 views

Google Go 安全漏洞

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google USA. A security vulnerability exists in Google Go that stems from an error message not escaping attacker-controlled data when ALPN negotiation fails, which could lead to informatio...

5.3CVSS6.1AI score0.00405EPSS

Exploits0References5

SUSE CVE•added 2025/10/22 11:23 p.m.•2 views

SUSE CVE-2025-62409

Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. It will happen when the connection is closing but upstream data is...

7.5CVSS7AI score0.00415EPSS

Exploits0References2

Snyk•added 2025/10/16 6:43 p.m.•2 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the flow control management process while overriding onAboveWriteBufferHighWatermark and onBelowWriteBufferLowWatermark callbacks. An attacker can cause a crash of the TCP connection pool by sending large...

8.7CVSS7.1AI score0.00415EPSS

Exploits0References2