Lucene search
K

29655 matches found

Cvelist
Cvelist
added 6 days ago51 views

CVE-2026-8932 incomplete mTLS config matching in conn reuse

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

0.00288EPSS
Exploits1References3
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41504

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6AI score0.00431EPSS
Exploits1References3
CVE
CVE
added 6 days ago16 views

CVE-2026-8458

CVE-2026-8458 affects libcurl where, under Negotiate-authenticated requests, a logical error can cause a reused connection to be authenticated for a different service. This could allow a request to be served using credentials for another service, impacting integrity (high) and potentially exposin...

6.5CVSS6AI score0.00431EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 6 days ago44 views

CVE-2026-8458 wrong reuse for different services

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

0.00431EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 6 days ago5 views

CVE-2026-8458

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS6AI score0.00431EPSS
Exploits1References3
CVE
CVE
added 6 days ago24 views

CVE-2026-8286

CVE-2026-8286 affects the curl project where a new transfer using STARTTLS to upgrade a connection can reuse an existing live connection despite a TLS configuration mismatch. Concrete details across connected docs show curl versions affected (pre-8.21.0 for 7.30.0 specifically) and indicate the r...

8.1CVSS5.9AI score0.00413EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41503

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not...

5.9AI score0.00413EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago43 views

CVE-2026-8286 wrong STARTTLS connection reuse

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not...

0.00413EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 6 days ago6 views

CVE-2026-8286

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not...

8.1CVSS5.9AI score0.00413EPSS
Exploits1References3
CVE
CVE
added 6 days ago20 views

CVE-2026-11564

CVE-2026-11564 (libcurl) describes an issue where libcurl keeps previously used connections in a pool and may continue trusting the native CA store after an application switches a handle to custom CA material for a later transfer. The connected sources confirm this behavior across multiple feeds ...

9.1CVSS6AI score0.00479EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41499

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

6AI score0.00479EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-11564 Native CA trust persist

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

0.00479EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 6 days ago4 views

CVE-2026-11564

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

9.1CVSS6AI score0.00479EPSS
Exploits1References3
CVE
CVE
added 2026/07/02 11:40 p.m.17 views

CVE-2026-13768

CVE-2026-13768 affects Gardyn Home Kit and Gardyn Studio. The root cause is exposure of a privileged iothubowner credential, which enables a malicious user to invoke IoTHub Registry Manager functions to obtain connection information for all Gardyn devices and to execute commands on a specific dev...

10CVSS6AI score0.00559EPSS
Exploits1References3
OSV
OSV
added 2026/07/02 8:31 p.m.2 views

GHSA-Q62H-354G-5R85 Steeltoe's env sanitizer misses connection strings — leaks embedded DB passwords

Summary The Sanitizer component in the Environment actuator redacts configuration values by matching the configuration key name against a suffix list. The default list password, secret, key, token, .credentials., vcapservices does not cover the standard .NET pattern ConnectionStrings: or Steeltoe...

7.5CVSS5.8AI score0.00185EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/02 8:31 p.m.12 views

EUVD-2026-37811

Steeltoe's env sanitizer misses connection strings — leaks embedded DB passwords...

7.5CVSS5.8AI score0.00185EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/02 4:6 p.m.35 views

CVE-2026-54891 Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tlsgenconnection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data. The...

6.3CVSS0.00135EPSS
Exploits0References5
CVE
CVE
added 2026/07/02 1:43 p.m.25 views

CVE-2026-53357

CVE-2026-53357 triggers a use-after-free in the Linux kernel Bluetooth stack (l2cap) when closing a listening socket: bt_accept_dequeue() temporarily holds the child, then cleanup_listen() may operate on a sk that has already been freed by l2cap_conn_del() during an HCI disconnect. The race occur...

5.8AI score0.00165EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/07/02 1:43 p.m.5 views

CVE-2026-53357

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix UAF in l2capsockcleanuplisten vs l2capconndel btacceptdequeue unlinks a not-yet-accepted child from the parent accept queue and releasesocks it before returning, so the returned sk has no caller reference and is...

5.8AI score0.00165EPSS
Exploits0
NVD
NVD
added 2026/07/02 4:17 a.m.7 views

CVE-2026-57277

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS0.0028EPSS
Exploits0References2
Rows per page
Query Builder