Lucene search
K

110 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-58653

PraisonAI before 0.1.7 fails to validate that projectid in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...

5.3CVSS0.00158EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.7 views

RHEL 8 : gnutls and libtasn1 (RHSA-2026:30849)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:30849 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such a...

9.8CVSS6.1AI score0.01335EPSS
Exploits2References28
NVD
NVD
added 2026/06/25 9:16 p.m.9 views

CVE-2026-6731

X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted...

7.5CVSS0.00124EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 8:8 p.m.19 views

CVE-2026-6731 X.509 name constraint bypass via Subject CN treated as a DNS name

X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted...

6CVSS0.00124EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 7:40 p.m.26 views

CVE-2026-10592 Wildcard DNS SAN bypasses CA name-constraint checks

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS0.00124EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 7:40 p.m.6 views

CVE-2026-10592

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS5.8AI score0.00124EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/11 7:16 p.m.12 views

CVE-2025-31272

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges...

7.8CVSS0.00115EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.16 views

Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2026-1808)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1808 advisory. Permitted name constraints were wrongfully ignored when prior CAs only had excluded name constraints, resulting in a name constraint bypass. The issue was reported in the issue tracker as 1824...

8.2CVSS5.5AI score0.00475EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.14 views

RockyLinux 10 : opentelemetry-collector (RLSA-2026:19135)

The remote RockyLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:19135 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go:...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References17
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.14 views

RockyLinux 10 : tomcat (RLSA-2026:18537)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:18537 advisory. tomcat: Apache Tomcat: Security constraint bypass for CGI scripts CVE-2025-46701 org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session...

9.6CVSS7.3AI score0.09917EPSS
Exploits1References7
OSV
OSV
added 2026/05/29 4:3 p.m.11 views

RLSA-2026:18537 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat: Security constraint bypass for CGI scripts CVE-2025-46701 org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve...

6.5CVSS7AI score0.09917EPSS
Exploits1References4
Rockylinux
Rockylinux
added 2026/05/29 4:3 p.m.17 views

tomcat security update

An update is available for tomcat. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer Page...

9.6CVSS7.2AI score0.09917EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.19 views

RockyLinux 9 : opentelemetry-collector (RLSA-2026:19353)

The remote RockyLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:19353 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go:...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References17
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.14 views

RHEL 9 : opentelemetry-collector (RHSA-2026:19721)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19721 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: net/url: Incorrect parsing of IPv6 host litera...

9.1CVSS6.7AI score0.01557EPSS
Exploits1References18
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.14 views

RHEL 9 : opentelemetry-collector (RHSA-2026:19720)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19720 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: net/url: Incorrect parsing of IPv6 host litera...

9.1CVSS6.8AI score0.01557EPSS
Exploits1References18
RedHat Linux
RedHat Linux
added 2026/05/19 9:22 a.m.12 views

tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...

7.3CVSS7.3AI score0.02608EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/19 9:22 a.m.16 views

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.6CVSS7AI score0.09917EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.22 views

RHEL 9 : tomcat (RHSA-2026:18916)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18916 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat:...

9.6CVSS7.1AI score0.09917EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 2026/05/07 1:51 p.m.13 views

CVE-2026-42011

A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities CAs only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate...

7.4CVSS5.8AI score0.00475EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2026/03/31 10:45 p.m.3 views

CVE-2026-34073

A flaw was found in the cryptography library. This vulnerability occurs because DNS Domain Name System name constraints were not properly validated against the "peer name" during certificate validation, only against Subject Alternative Names SANs within child certificates. This oversight could...

6.3CVSS5.8AI score0.00154EPSS
Exploits0References4
Rows per page
Query Builder