156 matches found

OSV
added 3 days ago | 4 views

SUSE-SU-2026:2692-1 Security update for docker

This update for docker fixes the following issues:
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265782).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass...

CVSS: 9.6 | AI score: 7.8 | EPSS: 0.00781
Exploits: 0 | References: 9
RedHat Linux
added 4 days ago | 4 views

gnutls: gnutls: Security bypass due to incorrect name constraint handling

A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate...

CVSS: 7.4 | AI score: 5.8 | EPSS: 0.00475
Exploits: 0 | References: 5
RedHat Linux
added 4 days ago | 7 views

Important: Red Hat Security Advisory: gnutls and libtasn1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

CVSS: 9.8 | AI score: 7 | EPSS: 0.01335
Exploits: 2 | References: 14
RedHat Linux
added 4 days ago | 7 views

Important: Red Hat Security Advisory: gnutls and libtasn1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

CVSS: 9.8 | AI score: 7 | EPSS: 0.01335
Exploits: 2 | References: 14
Tenable Nessus
added 4 days ago | 6 views

RHEL 8 : gnutls and libtasn1 (RHSA-2026:30849)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:30849 advisory. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such a...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.01335
Exploits: 2 | References: 28
Tenable Nessus
added 4 days ago | 7 views

RHEL 9 : gnutls (RHSA-2026:32962)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:32962 advisory. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such a...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.01335
Exploits: 1 | References: 26
OSV
added 2026/06/26 2:16 a.m. | 3 views

ALPINE-CVE-2026-48934

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.00258
Exploits: 0 | References: 1
NVD
added 2026/06/26 2:16 a.m. | 8 views

CVE-2026-48934

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS: 4.3 | EPSS: 0.00258
Exploits: 0 | References: 1
Debian CVE
added 2026/06/26 1:14 a.m. | 7 views

CVE-2026-48934

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.00258
Exploits: 0
ATTACKERKB
added 2026/06/26 1:14 a.m. | 9 views

CVE-2026-48934

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.00258
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2026/06/26 1:14 a.m. | 7 views

EUVD-2026-39612

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.00258
Exploits: 0 | References: 1
Tenable Nessus
added 2026/06/26 12:0 a.m. | 7 views

RHEL 9 : gnutls (RHSA-2026:30004)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:30004 advisory. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such a...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.01335
Exploits: 1 | References: 26
ATTACKERKB
added 2026/06/25 7:31 p.m. | 4 views

CVE-2026-55960

Un-negotiated Raw Public Key (RFC 7250) accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer...

CVSS: 8.2 | AI score: 5.8 | EPSS: 0.00145
Exploits: 0 | References: 3 | Affected Software: 1
RedHat Linux
added 2026/06/25 6:37 p.m. | 6 views

Important: Red Hat Security Advisory: gnutls security update

An update for gnutls is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS: 9.8 | AI score: 6 | EPSS: 0.01335
Exploits: 1 | References: 13
OSV
added 2026/06/25 12:44 p.m. | 2 views

OPENSUSE-SU-2026:21060-1 Security update for docker

This update for docker fixes the following issues:
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265782).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass...

CVSS: 9.6 | AI score: 7.3 | EPSS: 0.00781
Exploits: 0 | References: 8
RedHat Linux
added 2026/06/22 9:1 p.m. | 4 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

CVSS: 10 | AI score: 6.7 | EPSS: 0.00765
Exploits: 1 | References: 8
Github Security Blog
added 2026/06/18 2:28 p.m. | 9 views

undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servername...

CVSS: 7.4 | AI score: 5.9 | EPSS: 0.00375
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2026/06/17 4:46 p.m. | 37 views

CVE-2026-9697 undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...

CVSS: 7.4 | EPSS: 0.00375
Exploits: 0 | References: 2
Veracode
added 2026/06/16 6:57 p.m. | 8 views

Improper Certificate Validation

Netty is vulnerable to Improper Certificate Validation. The vulnerability is due to improper wrapping of user-supplied X509TrustManager instances that bypasses hostname verification during TLS certificate validation, which allows an attacker to perform man-in-the-middle attacks using certificates...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.00269
Exploits: 0 | References: 12 | Affected Software: 1
GithubExploit
added 2026/06/16 11:8 a.m. | 73 views

Exploit for Improper Authentication in Checkpoint Gaia_Os

CVE-2026-50751 Scanner Multi-target detection scanner for CV...

CVSS: 9.3 | AI score: 6.2 | EPSS: 0.70099
Exploits: 5