Lucene search
K

12028 matches found

EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43573

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3EXTd2iext returns NULL when an extension's DER value fails to parse. basicC, ia5string, and authatt dereference its result without a NULL check. keyiddata also dereferences akid-keyid,...

6.1AI score
Exploits0References3
CVE
CVE
added yesterday9 views

CVE-2026-58101

CVE-2026-58101 affectsCrypt::OpenSSL::X509 on Perl up to version 2.1.3. The issue arises when parsing X509 extensions: X509V3_EXT_d2i(ext) may return NULL; subsequent dereferences of the result in basicC, ia5string, auth_att, and keyid_data occur without a NULL check. If an affected helper is inv...

6.1AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 4 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-59818

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls t...

8.1CVSS6.1AI score0.00364EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 5 days ago5 views

golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...

7.5CVSS5.9AI score0.00394EPSS
Exploits0References8
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42637

PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends...

7.5CVSS6AI score0.00229EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-13462 PayRange for Android, version 7.0.7, contains an SSL bypass vulnerability

PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends...

0.00229EPSS
Exploits0References2
CVE
CVE
added 5 days ago11 views

CVE-2026-13462

PayRange Android app (version 7.0.7 and below) is affected by CVE-2026-13462 due to an SSL bypass in WebViews, allowing invalid certificates to be accepted. This enables a remote, unauthenticated attacker to intercept and exfiltrate data the user submits via the app. Attack surface is the app’s W...

7.5CVSS6AI score0.00229EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-13462

PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends...

7.5CVSS6AI score0.00229EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 5 days ago6 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS7AI score0.00615EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-59818

A flaw was found in etcd, a distributed key-value store. When etcd is configured to use separate listeners for HTTP and gRPC client endpoints, the Certificate Revocation List CRL is not properly enforced on the gRPC listener. This oversight allows a client with a revoked certificate to successful...

8.1CVSS5.9AI score0.00364EPSS
Exploits0References12
CERT
CERT
added 5 days ago6 views

PayRange Android app version 7.0.7 contains multiple vulnerabilities

Overview PayRange is a mobile payment app that allows users to pay for vending machines, laundromats, and other unattended machines using a smartphone with Bluetooth. Two vulnerabilities were discovered in version 7.0.7 of the PayRange app that is available in the Google Play store. Description A...

9.6CVSS6AI score0.0034EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...

8.5CVSS6.1AI score0.00364EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...

8.5CVSS6.1AI score0.00364EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 6 days ago3 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS7AI score0.00615EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/06 1:3 p.m.6 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS7.1AI score0.00615EPSS
Exploits0References8
Snyk
Snyk
added 2026/07/03 8:18 a.m.5 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness due to incomplete matching of mTLS configuration options during connection reuse in the connection process. An attacker can cause connections to be reused with incorrect client certificate...

9.3CVSS6.1AI score0.00368EPSS
Exploits1References2
NVD
NVD
added 2026/07/03 7:16 a.m.6 views

CVE-2026-8932

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

7.5CVSS0.00368EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/03 6:16 a.m.72 views

CVE-2026-8932 incomplete mTLS config matching in conn reuse

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

0.00368EPSS
Exploits1References3
OSV
OSV
added 2026/07/02 2:13 p.m.5 views

PYSEC-2026-656 OpenStack Keystone and other components vulnerable to Improper Certificate Validation

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates...

5.9CVSS5.9AI score0.00962EPSS
Exploits1References14
RedHat Linux
RedHat Linux
added 2026/07/01 7:33 p.m.7 views

crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

A flaw was found in the crypto/x509 package of golang. This vulnerability allows a remote attacker to cause a Denial of Service DoS by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name SAN entries. The certificate verification process, specifical...

7.5CVSS5.8AI score0.00939EPSS
Exploits0References8
Rows per page
Query Builder