Lucene search
K

98 matches found

Tenable Nessus
Tenable Nessus
added yesterday6 views

Linux Distros Unpatched Vulnerability : CVE-2026-54919

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL...

7.4CVSS6.9AI score0.00264EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-54919 cpp-httplib: TLS certificate chain verification bypassed for IP-literal hosts on Mbed TLS and wolfSSL backends

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built with CPPHTTPLIBMBEDTLSSUPPORT or CPPHTTPLIBWOLFSSLSUPPORT and a...

7.4CVSS0.00264EPSS
Exploits0References3
CVE
CVE
added 4 days ago13 views

CVE-2026-54919

cpp-httplib on Mbed TLS and wolfSSL backends was vulnerable to a TLS certificate chain verification bypass for IP-literal hosts (affecting v0.31.0–0.46.1) when server verification was enabled; SSLClient/Client could skip chain validation and Mbed TLS WebSocketClient could skip verification. The i...

7.4CVSS6.9AI score0.00264EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-11310

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXT...

8.7CVSS6AI score0.00145EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/29 3:13 p.m.5 views

Important: Red Hat Security Advisory: gnutls and libtasn1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

9.8CVSS7AI score0.01335EPSS
Exploits2References14
EUVD
EUVD
added 2026/06/25 7:38 p.m.5 views

EUVD-2026-39548

X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXTRA and whose application validates certificates by calling X509verifycert with caller-supplied untrusted intermediate certificates; for...

8.7CVSS5.9AI score0.00145EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 7:38 p.m.6 views

CVE-2026-11310

X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXTRA and whose application validates certificates by calling X509verifycert with caller-supplied untrusted intermediate certificates; for...

8.7CVSS5.9AI score0.00145EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.12 views

Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS : pip vulnerabilities (USN-8344-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8344-1 advisory. It was discovered that pip incorrectly handled TLS certificate verification in session connections. If a session was first used...

8.9CVSS6.8AI score0.00633EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

GnuTLS 安全漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. There is a security vulnerability in gnutls. This vulnerability arises from the fact that using an excessively long subject alternative name during...

8.2CVSS5.8AI score0.00423EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/05/08 12:0 a.m.75 views

📄 Apache Airflow Databricks Provider Certificate Verification Bypass

The Apache Airflow Databricks Provider package disables TLS certificate verification when communicating with the Kubernetes API server during federated token exchange. Both the synchronous and asynchronous code paths use verify=False / ssl=False, allowing any attacker with network access within t...

4.8CVSS5.9AI score0.00355EPSS
Exploits1
Hacker One
Hacker One
added 2026/04/25 12:18 a.m.27 views

curl: CVE-2026-7009: OCSP stapling bypass with Apple SecTrust

Summary When curl is built with --with-apple-sectrust or -DUSEAPPLESECTRUST=ON and OpenSSL, the --cert-status / CURLOPTSSLVERIFYSTATUS option is silently bypassed when Apple SecTrust handles certificate chain verification instead of OpenSSL. The user explicitly requests OCSP stapling enforcement,...

6.5CVSS5.5AI score0.01102EPSS
Exploits3
NVD
NVD
added 2026/04/09 6:17 p.m.5 views

CVE-2026-35207

dde-control-center is the control panel of DDE, the Deepin Desktop Environment. plugin-deepinid is a plugin in dde-control-center, which provides the deepinid cloud service. Prior to 6.1.80, plugin-deepinid is configured to skip TLS certificate verification when fetching the user's avatar from...

5.4CVSS0.00148EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/04 12:0 a.m.9 views

openSUSE 16 Security Update : tomcat10 (openSUSE-SU-2026:20444-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20444-1 advisory. Update to Tomcat 10.1.52: - CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753. - CVE-2025-55754:...

9.6CVSS7.1AI score0.66535EPSS
Exploits4References19
OSV
OSV
added 2026/03/30 8:17 a.m.5 views

SUSE-SU-2026:20982-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.52: - CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753. - CVE-2025-55754: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat bsc125290...

9.6CVSS6.8AI score0.66535EPSS
Exploits4References14
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.4 views

SUSE SLES12: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2026:1058-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1058-1 advisory. Update to Tomcat 9.0.115: - CVE-2025-48989: HTTP/2 protocol including DNS over HTTPS is vulnerable to 'MadeYouReset' DoS attack bsc1243895. -...

10CVSS7.1AI score0.99999EPSS
Exploits109References94
SUSE Linux
SUSE Linux
added 2026/03/26 9:46 a.m.3 views

Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: CVE-2025-48989: HTTP/2 protocol including DNS over HTTPS is vulnerable to "MadeYouReset" DoS attack bsc1243895. CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM...

10CVSS7AI score0.99999EPSS
Exploits109References100
OSV
OSV
added 2026/03/24 4:9 p.m.3 views

SUSE-SU-2026:20926-1 Security update for tomcat11

This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.18: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation...

9.1CVSS5.8AI score0.00498EPSS
Exploits0References8
OSV
OSV
added 2026/03/24 4:7 p.m.5 views

OPENSUSE-SU-2026:20414-1 Security update for tomcat11

This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.18: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation...

9.1CVSS5.6AI score0.00498EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.25 views

Fedora 45 : cpp-httplib (2026-06d1b46d1e)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-06d1b46d1e advisory. Automatic update for cpp-httplib-0.38.0-1.fc45. Changelog Tue Mar 17 2026 Petr Menk - 0.38.0-1 - Update to 0.38.0 rhbz2447261 Tue Mar 17 2026 Petr Menk -...

8.7CVSS5.9AI score0.00179EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.5 views

EulerOS 2.0 SP12 : curl (EulerOS-SA-2026-1386)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl, changing TLS options in one thread would inadvertently change them globally an...

6.3CVSS5.9AI score0.00611EPSS
Exploits3References5
Rows per page
Query Builder