Lucene search
K

24 matches found

RedHat Linux
RedHat Linux
added 3 days ago7 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.8AI score0.00765EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.6 views

wolfSSL(CyaSSL) 安全漏洞

WolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, designed for developers working with embedded systems. WolfSSL CyaSSL contains a security vulnerability. This vulnerability stems from the ChaCha20-Poly1305 AEAD decryption path in...

8.1CVSS5.8AI score0.00152EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/27 8:47 p.m.26 views

CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant...

7.5CVSS0.00348EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/25 6:47 p.m.1 views

CVE-2026-33751

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external...

6.3CVSS5.8AI score0.00245EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/03/24 9:16 p.m.3 views

CVE-2026-21790

HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks...

6.3CVSS0.0015EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/19 7:21 p.m.8 views

CVE-2025-69287

The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature...

5.4CVSS5.7AI score0.00286EPSS
Exploits0References1
OSV
OSV
added 2026/02/17 4:13 p.m.5 views

GHSA-VJPQ-XX5G-QVMM BSV Blockchain SDK has an Authentication Signature Data Preparation Vulnerability

BRC-104 Authentication Signature Data Preparation Vulnerability Summary A critical cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature incompatibility between SDK implementations and potentia...

5.4CVSS5.8AI score0.00286EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.12 views

Azure Linux 3.0 Security Update: httpd (CVE-2024-38473)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-38473 advisory. - Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect...

8.1CVSS5.5AI score0.25878EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/12/16 10:35 p.m.9 views

Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter

Impact The Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and possibly authentication bypass if malicious endpoints return fake responses to validate unauthorized users. Patches Fixed by hardcoding the...

8.3CVSS7.2AI score0.00291EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-3600

Malware in sbrugna...

9.8CVSS8.5AI score0.01899EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/10/06 12:0 a.m.4 views

PT-2025-40900

Name of the Vulnerable Software and Affected Versions XWiki versions 2.17.1 through 2.18.1 Description XWiki OpenID Connect OIDC contains tools for manipulating the OpenID Connect protocol. Individuals with VIEW access to a user profile can generate a token for that user in versions prior to...

9.2CVSS6.7AI score0.00536EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/10/03 12:0 a.m.11 views

WordPress plugin RestroPress 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An information...

9.8CVSS6.1AI score0.02196EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2024-38473

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially...

8.1CVSS6.6AI score0.25878EPSS
Exploits1References2
OSV
OSV
added 2025/08/11 1:54 p.m.7 views

BIT-LIBPHP-2024-3096 PHP function password_verify can erroneously return true when argument contains NUL

In PHP version 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, if a password stored with passwordhash starts with a null byte \x00, testing a blank string as the password via passwordverify will incorrectly return true...

6.5CVSS6.7AI score0.0148EPSS
Exploits1References7
OSV
OSV
added 2025/08/11 1:53 p.m.4 views

BIT-LIBPHP-2023-0567 password_verify() always returns true for some invalid hashes

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

8.1CVSS7AI score0.00944EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/07/10 12:0 a.m.13 views

Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2025-1065)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1065 advisory. Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before...

7.5CVSS7.4AI score0.64718EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2025/05/23 10:7 a.m.7 views

CVE-2024-29006

By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrad...

9.8CVSS7.2AI score0.00874EPSS
Exploits0References1
Debian
Debian
added 2025/02/18 12:19 p.m.10 views

[SECURITY] [DLA 4058-1] pam-pkcs11 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4058-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 18, 2025 https://wiki.debian.org/LTS -...

9.2CVSS6.6AI score0.00677EPSS
Exploits0
OSV
OSV
added 2024/09/26 7:52 p.m.4 views

CVE-2024-7594 Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default

Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to...

7.5CVSS7.1AI score0.00269EPSS
Exploits0References5
Zero Day Initiative
Zero Day Initiative
added 2024/07/03 12:0 a.m.6 views

Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Parse Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the literalizeRegexPart function. The issue results from the lack of proper validation of a...

9.8CVSS7.3AI score0.20171EPSS
Exploits0References1
Rows per page
Query Builder