Lucene search
+L

5172 matches found

NVD
NVD
added 2 days ago3 views

CVE-2026-40378

Memory allocation with excessive size value in Windows Local Security Authority Subsystem Service LSASS allows an unauthorized attacker to deny service over a network...

7.5CVSS0.00834EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago19 views

CVE-2026-49799 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability

...

6.5CVSS0.0079EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago2 views

CVE-2026-49799 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability

...

6.5CVSS6.1AI score0.0079EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-49799

Technical details are not publicly available in the provided documents. No confirmed affected products, fixes, or exploit specifics are described here; monitor official sources for updates.

6.5CVSS6.1AI score0.0079EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago20 views

CVE-2026-40378 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability

...

7.5CVSS0.00834EPSS
Exploits0References1
CVE
CVE
added 2 days ago6 views

CVE-2026-40378

CVE-2026-40378 affects Windows Local Security Authority Subsystem Service (LSASS). A memory allocation with an excessive size value can allow an unauthenticated attacker to cause a network-based denial of service. The CVSSv3.1 base score is 7.5 (HIGH). No exploitation details are provided in the ...

7.5CVSS6.1AI score0.00834EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago2 views

CVE-2026-40378 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability

...

7.5CVSS6.1AI score0.00834EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43646

In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...

5.3CVSS6.1AI score0.00196EPSS
Exploits0References1
CVE
CVE
added 2 days ago9 views

CVE-2026-6790

In Eclipse Jetty, HTTP/1 requests to HTTP/1.3 (HTTP/2/3 included) do not enforce that the request authority (host and port) matches the Host header when present. This mismatch can affect URI redirects, virtual host selection, reverse proxying, and logs. The issue is described across CVE sources (...

5.3CVSS6.1AI score0.00196EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43573

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3EXTd2iext returns NULL when an extension's DER value fails to parse. basicC, ia5string, and authatt dereference its result without a NULL check. keyiddata also dereferences akid-keyid,...

6.1AI score0.00212EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-60097

Name of the Vulnerable Software and Affected Versions nebula-mesh affected versions not specified Description The web handler renderMobileBundle passes a pki.CAResolver to the mobilebundle.Build function, which decrypts the CA's ed25519 private key into a pki.CAManager. However, the Build functio...

8.7CVSS6.2AI score
Exploits0References6
RedHat Linux
RedHat Linux
added 3 days ago5 views

golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...

7.5CVSS6.1AI score0.00394EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 6 days ago7 views

FreeBSD : Apache HttpClient -- misinterpret malformed authority component (fa0c03dd-7c3a-11f1-8dc2-dca632daf43b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fa0c03dd-7c3a-11f1-8dc2-dca632daf43b advisory. Apache Software Foundation reports: Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can...

5.3CVSS6.7AI score0.08665EPSS
Exploits1References3
Redos
Redos
added 6 days ago6 views

ROS-20260710-73-0004

The vulnerability of the url.Parse function in the host/authority component of the Go programming language is related to improper syntax validation of input. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

7.5CVSS6.3AI score0.0052EPSS
Exploits0
RedHat Linux
RedHat Linux
added last week5 views

golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...

7.5CVSS5.9AI score0.00394EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added last week5 views

fast-uri: fast-uri: URI authority bypass due to improper delimiter handling

A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier URI that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw...

7.5CVSS6AI score0.00475EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/09 7:38 a.m.5 views

golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority CA. A remote attacker could potentially exploit this by presenting a revoked key, leading t...

9.1CVSS6AI score0.00487EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/09 5:35 a.m.7 views

golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority CA. A remote attacker could potentially exploit this by presenting a revoked key, leading t...

9.1CVSS6AI score0.00487EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/09 5:35 a.m.7 views

golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...

7.5CVSS5.9AI score0.00394EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/07/08 7:27 p.m.4 views

CVE-2026-11564

A flaw was found in curl. When libcurl reuses a connection from its connection pool, an easy handle that initially used default native Certificate Authority CA trust may continue to trust the native platform store. This occurs even after the application has switched that same handle to custom CA...

9.1CVSS5.8AI score0.0061EPSS
Exploits1References6
Rows per page
Query Builder