Lucene search
+L

86 matches found

NVD
NVD
added 2 days ago4 views

CVE-2026-53712

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to 3.3, a flaw in com.ongres.scram:scram-client and com.ongres.scram:scram-common allows an attacker capable of a TLS...

8.2CVSS0.0026EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-53712 SCRAM: Silent channel-binding authentication downgrade via unsupported certificate algorithms

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to 3.3, a flaw in com.ongres.scram:scram-client and com.ongres.scram:scram-common allows an attacker capable of a TLS...

8.2CVSS0.0026EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2 days ago11 views

CVE-2026-53712 SCRAM: Silent channel-binding authentication downgrade via unsupported certificate algorithms

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to 3.3, a flaw in com.ongres.scram:scram-client and com.ongres.scram:scram-common allows an attacker capable of a TLS...

8.2CVSS5.4AI score0.0026EPSS
Exploits0References2
OSV
OSV
added 2 days ago3 views

CVE-2026-53712 SCRAM: Silent channel-binding authentication downgrade via unsupported certificate algorithms

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to 3.3, a flaw in com.ongres.scram:scram-client and com.ongres.scram:scram-common allows an attacker capable of a TLS...

8.2CVSS5.5AI score0.0026EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/09 4:57 p.m.9 views

EUVD-2026-42630

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, channel thread parent and reply handling did not bind parentid to the channel in the URL, allowing an authenticated user to reference a message from another private or DM channel and disclose...

3.1CVSS5.9AI score0.00255EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/09 4:57 p.m.35 views

CVE-2026-59215 Open WebUI: Private channel messages can be disclosed through cross-channel thread parent_id binding

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, channel thread parent and reply handling did not bind parentid to the channel in the URL, allowing an authenticated user to reference a message from another private or DM channel and disclose...

3.1CVSS0.00255EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-54291

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from...

8.2CVSS6.1AI score0.00236EPSS
Exploits0References3
Snyk
Snyk
added 2026/07/06 8:42 p.m.6 views

Incorrect Implementation of Authentication Algorithm

Overview org.postgresql:postgresql is a Java JDBC 4.2 JRE 8+ driver for PostgreSQL database. Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm in the ScramAuthenticator class, which fails open by confirming only that the server advertised a...

8.2CVSS6AI score0.00236EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 7:17 p.m.12 views

CVE-2026-54291

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS0.00236EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/06 6:55 p.m.33 views

CVE-2026-54291 Silent channel-binding authentication downgrade via unsupported certificate algorithms

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS0.00236EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:55 p.m.5 views

CVE-2026-54291

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS5.9AI score0.00236EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/07/06 6:55 p.m.10 views

EUVD-2026-41903

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS5.9AI score0.00236EPSS
Exploits0References3
CVE
CVE
added 2026/07/06 6:55 p.m.120 views

CVE-2026-54291

CVE-2026-54291 affects pgjdbc (OpenJDK PostgreSQL JDBC Driver) in versions 42.7.4–42.7.11. The issue allows a silent downgrade of channelBinding from SCRAM-SHA-256-PLUS to plain SCRAM-SHA-256 when an attacker can intercept TLS and presents a certificate whose signature algorithm lacks a tls-serve...

8.2CVSS5.9AI score0.00236EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/06 6:55 p.m.4 views

CVE-2026-54291 Silent channel-binding authentication downgrade via unsupported certificate algorithms

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS5.9AI score0.00236EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.13 views

PT-2026-54841

Name of the Vulnerable Software and Affected Versions pgjdbc versions 42.7.4 through 42.7.11 Description Connections using channelBinding=require can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256. This results in the loss of man-in-the-middle protectio...

8.2CVSS6AI score0.00236EPSS
Exploits0References16
Github Security Blog
Github Security Blog
added 2026/07/01 9:51 p.m.8 views

OnGres SCRAM silent channel-binding authentication downgrade via unsupported certificate algorithms

Summary A flaw in com.ongres.scram:scram-client allows an attacker capable of performing a TLS man-in-the-middle MITM attack to silently downgrade a connection from SCRAM-SHA-256-PLUS with channel binding to standard SCRAM-SHA-256 without channel binding, bypassing strict client-side enforcement...

8.2CVSS5.8AI score0.0026EPSS
Exploits0References2Affected Software2
Snyk
Snyk
added 2026/07/01 9:51 p.m.4 views

Not Failing Securely ('Failing Open')

Overview Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' in the TlsServerEndpoint process when a server presents an X.509 certificate using a modern signature algorithm lacking traditional naming structures. An attacker can bypass strict client-side...

8.2CVSS6AI score0.0026EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:51 p.m.6 views

Not Failing Securely ('Failing Open')

Overview Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' in the TlsServerEndpoint process when a server presents an X.509 certificate using a modern signature algorithm lacking traditional naming structures. An attacker can bypass strict client-side...

8.2CVSS6AI score0.0026EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 9:51 p.m.8 views

GHSA-P9JG-FCR6-3MHF OnGres SCRAM silent channel-binding authentication downgrade via unsupported certificate algorithms

Summary A flaw in com.ongres.scram:scram-client allows an attacker capable of performing a TLS man-in-the-middle MITM attack to silently downgrade a connection from SCRAM-SHA-256-PLUS with channel binding to standard SCRAM-SHA-256 without channel binding, bypassing strict client-side enforcement...

8.2CVSS5.8AI score0.0026EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-55221

Name of the Vulnerable Software and Affected Versions com.ongres.scram:scram-client versions prior to 3.3 com.ongres.scram:scram-common versions prior to 3.3 Description A flaw in com.ongres.scram:scram-client and com.ongres.scram:scram-common allows an attacker performing a TLS man-in-the-middle...

8.2CVSS5.3AI score0.0026EPSS
Exploits0References4
Rows per page
Query Builder