5172 matches found
CVE-2026-40378
Memory allocation with excessive size value in Windows Local Security Authority Subsystem Service LSASS allows an unauthorized attacker to deny service over a network...
CVE-2026-49799 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
...
CVE-2026-49799 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
...
CVE-2026-49799
Technical details are not publicly available in the provided documents. No confirmed affected products, fixes, or exploit specifics are described here; monitor official sources for updates.
CVE-2026-40378 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
...
CVE-2026-40378
CVE-2026-40378 affects Windows Local Security Authority Subsystem Service (LSASS). A memory allocation with an excessive size value can allow an unauthenticated attacker to cause a network-based denial of service. The CVSSv3.1 base score is 7.5 (HIGH). No exploitation details are provided in the ...
CVE-2026-40378 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
...
EUVD-2026-43646
In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...
CVE-2026-6790
In Eclipse Jetty, HTTP/1 requests to HTTP/1.3 (HTTP/2/3 included) do not enforce that the request authority (host and port) matches the Host header when present. This mismatch can affect URI redirects, virtual host selection, reverse proxying, and logs. The issue is described across CVE sources (...
EUVD-2026-43573
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3EXTd2iext returns NULL when an extension's DER value fails to parse. basicC, ia5string, and authatt dereference its result without a NULL check. keyiddata also dereferences akid-keyid,...
PT-2026-60097
Name of the Vulnerable Software and Affected Versions nebula-mesh affected versions not specified Description The web handler renderMobileBundle passes a pki.CAResolver to the mobilebundle.Build function, which decrypts the CA's ed25519 private key into a pki.CAManager. However, the Build functio...
golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate
A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...
FreeBSD : Apache HttpClient -- misinterpret malformed authority component (fa0c03dd-7c3a-11f1-8dc2-dca632daf43b)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fa0c03dd-7c3a-11f1-8dc2-dca632daf43b advisory. Apache Software Foundation reports: Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can...
ROS-20260710-73-0004
The vulnerability of the url.Parse function in the host/authority component of the Go programming language is related to improper syntax validation of input. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate
A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...
fast-uri: fast-uri: URI authority bypass due to improper delimiter handling
A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier URI that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw...
golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey
A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority CA. A remote attacker could potentially exploit this by presenting a revoked key, leading t...
golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey
A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority CA. A remote attacker could potentially exploit this by presenting a revoked key, leading t...
golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate
A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...
CVE-2026-11564
A flaw was found in curl. When libcurl reuses a connection from its connection pool, an easy handle that initially used default native Certificate Authority CA trust may continue to trust the native platform store. This occurs even after the application has switched that same handle to custom CA...