Lucene search
K

29708 matches found

Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56248

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description An issue exists in the H2 database JDBC URL validation logic where special Unicode characters can be used to bypass security checks. This occurs because the case-conversion behavior of these...

8.7CVSS6.2AI score0.00375EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 5 days ago4 views

CVE-2026-8286

A flaw was found in curl. When a new data transfer attempts to upgrade its connection using STARTTLS, it may incorrectly reuse an existing live connection. This reuse can occur even if the Transport Layer Security TLS configuration of the new transfer does not match the existing connection,...

8.1CVSS5.8AI score0.0052EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-8932

A flaw was found in curl. The libcurl library, used for transferring data with URLs, could improperly reuse existing network connections. This occurred even when changes to mutual Transport Layer Security mTLS settings, particularly those for client certificates, should have prevented such reuse...

7.5CVSS6AI score0.00368EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 5 days ago5 views

undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing

A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from...

8.8CVSS6.6AI score0.00358EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 5 days ago4 views

kernel: nvmet-tcp: fix race between ICReq handling and queue teardown

A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...

9.8CVSS6AI score0.00353EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 5 days ago4 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS6.2AI score0.003EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 5 days ago4 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS6.2AI score0.003EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 5 days ago6 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak p...

9.1CVSS6.1AI score0.00533EPSS
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/04 1:42 p.m.10 views

Malicious code in paperclip2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6fbcfc445b1a599943dac3ca0691633629c6804037b38fcf6113062f6add848 package.json declares a postinstall lifecycle script that runs node -e code opening a TCP connection to 185.112.147.174:7007 and piping the socket to...

6.5AI score
Exploits0References2
CVE
CVE
added 2026/07/03 10:30 a.m.27 views

CVE-2026-10055

CVE-2026-10055 affects Eclipse Theia (since 1.26.0). The issue arises in the backend /services/request-service RPC, which accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, then performs the HTTP request server-side and returns the full resp...

8.5CVSS6AI score0.00297EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 8:18 a.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the connection reuse process. An attacker can gain unauthorized access to resources or services by exploiting the reuse of an authenticated connection intended for a different service. Remediation Upgrade libcur...

6.9CVSS6AI score0.00543EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/03 8:18 a.m.6 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in the connection pool process. An attacker can bypass intended certificate validation by reusing a handle that initially used the default native CA trust and then switching it to custom CA...

9.1CVSS6AI score0.0061EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/03 8:18 a.m.4 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness due to incomplete matching of mTLS configuration options during connection reuse in the connection process. An attacker can cause connections to be reused with incorrect client certificate...

9.3CVSS6.1AI score0.00368EPSS
Exploits1References2
OSV
OSV
added 2026/07/03 7:16 a.m.3 views

ALPINE-CVE-2026-8932

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

7.5CVSS6.2AI score0.00368EPSS
Exploits1References1
OSV
OSV
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-9545

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS5.9AI score0.00408EPSS
Exploits1References1
NVD
NVD
added 2026/07/03 7:16 a.m.6 views

CVE-2026-8932

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

7.5CVSS0.00368EPSS
Exploits1References3
OSV
OSV
added 2026/07/03 7:16 a.m.5 views

ALPINE-CVE-2026-8458

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS6AI score0.00543EPSS
Exploits1References1
OSV
OSV
added 2026/07/03 7:16 a.m.3 views

ALPINE-CVE-2026-8286

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not...

8.1CVSS5.9AI score0.0052EPSS
Exploits1References1
NVD
NVD
added 2026/07/03 7:16 a.m.8 views

CVE-2026-8286

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not...

8.1CVSS0.0052EPSS
Exploits1References3
NVD
NVD
added 2026/07/03 7:16 a.m.11 views

CVE-2026-8458

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS0.00543EPSS
Exploits1References3
Rows per page
Query Builder