Lucene search
K

1372 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago5 views

libcurl 8.11.0 < 8.21.0 HTTP/3 Early Data Information Disclosure (CVE-2026-9545)

The version of libcurl installed on the remote host is 8.11.0 prior to 8.21.0. It is, therefore, affected by an information disclosure vulnerability: - When libcurl returns to a hostname with a cached SSL session and early data enabled, libcurl might send the request bytes before enforcing the...

7.5CVSS6.1AI score0.00408EPSS
Exploits1References2
NVD
NVD
added 5 days ago8 views

CVE-2026-31982

An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who...

7.1CVSS0.00167EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42532

An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who...

7.1CVSS6AI score0.00167EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/07/07 2:9 p.m.5 views

CVE-2026-48588

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. UpdateCacheMiddleware and the cachepage decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earlier,...

5.3CVSS6AI score0.00375EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/07/06 7:51 p.m.4 views

CVE-2026-9545

A flaw was found in libcurl. An attacker can exploit this by replacing a legitimate HTTP/3 server with an impostor machine. When libcurl attempts a second transfer to the same site with a cached SSL session and early data enabled, it may send sensitive request data before verifying the server's...

7.5CVSS5.6AI score0.00408EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/07/06 3:7 p.m.6 views

undici: Undici: Information disclosure due to improper cache-control header parsing

A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from...

5.9CVSS7AI score0.00374EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/03 6:17 a.m.7 views

EUVD-2026-41493

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

5.8AI score0.00408EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/03 6:17 a.m.51 views

CVE-2026-9545 exposing HTTP/3 early data

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

0.00408EPSS
Exploits1References3
NVD
NVD
added 2026/07/02 9:16 p.m.5 views

CVE-2026-58460

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS0.00138EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 8:10 p.m.8 views

EUVD-2026-41437

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 8:10 p.m.14 views

CVE-2026-58460

CVE-2026-58460 affects the React Native package react-native-receive-sharing-intent. A path traversal vulnerability allows a co-resident malicious app to write files outside the intended cache directory by supplying a crafted _display_name with dot-dot path components via a malicious ContentProvi...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 8:10 p.m.7 views

CVE-2026-58460

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References3
Snyk
Snyk
added 2026/07/01 9:19 p.m.6 views

Deserialization of Untrusted Data

Overview software.amazon.jdbc:aws-advanced-jdbc-wrapper is an Amazon Web Services AWS Advanced JDBC Wrapper Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the CachedResultSet deserialization path in the RemoteQueryCachePlugin. An attacker can execute...

8.8CVSS6.7AI score0.00416EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 12:16 a.m.8 views

CVE-2026-54902

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys ≥ 35 bytes from garbage collection, and a Ruby callback that triggers GC inside hashend ca...

6.3CVSS0.00253EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/30 11:40 p.m.6 views

CVE-2026-54902

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys ≥ 35 bytes from garbage collection, and a Ruby callback that triggers GC inside hashend ca...

6.3CVSS5.7AI score0.00253EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/30 12:13 a.m.6 views

org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files

A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service...

7.5CVSS6.5AI score0.01941EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/30 12:12 a.m.6 views

org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files

A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service...

7.5CVSS6.5AI score0.01941EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/26 12:32 a.m.5 views

EUVD-2026-39576

Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...

6CVSS5.9AI score0.0021EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

Curl 8.11.0 < 8.21.0 HTTP/3 Early Data Information Disclosure

The version of curl installed on the remote host is 8.11.0 prior to 8.21.0. It is, therefore, affected by an information disclosure vulnerability: - When libcurl returns to a hostname with a cached SSL session and early data enabled, libcurl might send the request bytes before enforcing the...

7.5CVSS6AI score0.00408EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/25 11:23 p.m.46 views

CVE-2026-13218 Kubevirt: kubevirt: symlink following in writetocachedfile allows host file overwrite from virt-launcher

A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causin...

4.2CVSS0.00107EPSS
Exploits0References2
Rows per page
Query Builder