Lucene search
K

408 matches found

NVD
NVD
added 3 days ago10 views

CVE-2026-54891

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tlsgenconnection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data. The...

6.3CVSS0.00164EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 3 days ago7 views

CVE-2026-54891 Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tlsgenconnection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data. The...

6.3CVSS5.8AI score0.00164EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/09 5:51 a.m.12 views

CVE-2026-41539 QTS, QuTS hero

A cross-site scripting XSS vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QTS...

8.7CVSS5.2AI score0.00193EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 3:36 p.m.24 views

CVE-2026-44330

Summary (CVE-2026-44330): free5GC NEF’s nnef-pfdmanagement route group was found to be mounted without inbound OAuth2/bearer-token authorization, exposing read and write access to PFD data and subscriptions. Affected: free5GC v4.2.1 (NEF). Impact: an attacker who can reach the NEF SBI can read PF...

10CVSS5.9AI score0.00287EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/23 12:27 p.m.2 views

CVE-2025-13763

Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs...

5.7CVSS5.8AI score0.00176EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/10 12:30 a.m.3 views

EUVD-2026-21220

Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...

2.1CVSS5.9AI score0.00225EPSS
Exploits0References2
NVD
NVD
added 2026/04/09 10:16 p.m.6 views

CVE-2026-5778

Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...

6.5CVSS0.00225EPSS
Exploits0References1
OSV
OSV
added 2026/04/09 10:16 p.m.2 views

DEBIAN-CVE-2026-5778

Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...

6.5CVSS5.4AI score0.00225EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/09 10:16 p.m.4 views

CVE-2026-5778

Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...

6.5CVSS5.8AI score0.00225EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/09 9:45 p.m.4 views

CVE-2026-5778

Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...

6.5CVSS5.4AI score0.00225EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/09 9:45 p.m.1 views

CVE-2026-5778 Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path.

Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...

2.1CVSS5.8AI score0.00225EPSS
Exploits0References1
CVE
CVE
added 2026/04/09 9:45 p.m.12 views

CVE-2026-5778

CVE-2026-5778 affects wolfSSL packet sniffer (

6.5CVSS5.9AI score0.00225EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/09 9:45 p.m.3 views

CVE-2026-5778

Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...

6.5CVSS5.4AI score0.00225EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/08 9:24 a.m.3 views

CVE-2026-34582

A flaw was found in Botan, a C++ cryptography library. The TLS 1.3 implementation in Botan allows application data to be processed before the TLS handshake is fully completed. A remote attacker can exploit this by omitting critical client authentication messages, such as the Certificate,...

9.1CVSS5.9AI score0.00233EPSS
Exploits0References4
OSV
OSV
added 2026/04/07 10:16 p.m.1 views

DEBIAN-CVE-2026-34582

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

9.1CVSS5.4AI score0.00233EPSS
Exploits0References1
NVD
NVD
added 2026/04/07 10:16 p.m.6 views

CVE-2026-34582

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

9.1CVSS0.00233EPSS
Exploits0References4
OSV
OSV
added 2026/04/07 10:16 p.m.7 views

UBUNTU-CVE-2026-34582

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

9.1CVSS5.8AI score0.00233EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/07 9:13 p.m.22 views

CVE-2026-34582 Botan has a TLS 1.3 certificate authentication bypass

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

8.7CVSS0.00233EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/07 9:13 p.m.5 views

EUVD-2026-19948

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

8.7CVSS5.9AI score0.00233EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/07 9:13 p.m.2 views

CVE-2026-34582 Botan has a TLS 1.3 certificate authentication bypass

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

8.7CVSS5.9AI score0.00233EPSS
Exploits0References1
Rows per page
Query Builder