Lucene search
+L

2541 matches found

cvelist
cvelist
added 2026/06/23 7:17 p.m.38 views

CVE-2026-54762 Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported...

5.9CVSS0.0036EPSS
Exploits1References2
alpinelinux
alpinelinux
added 2026/06/23 7:17 p.m.6 views

CVE-2026-54762

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported...

8.6CVSS5.8AI score0.0036EPSS
Exploits1References2
nvd
nvd
added 2026/06/23 5:17 p.m.9 views

CVE-2026-55447

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to t...

9.6CVSS0.00411EPSS
Exploits1References2
redhat
redhat
added 2026/06/23 10:39 a.m.9 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS5.9AI score0.00558EPSS
Exploits0References5
nvd
nvd
added 2026/06/22 6:16 p.m.12 views

CVE-2026-54276

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires an open redirect vulnerability or similar on the target domain for an attacker to...

6.3CVSS0.00178EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/22 4:36 p.m.4 views

CVE-2026-54276

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires an open redirect vulnerability or similar on the target domain for an attacker to...

6.3CVSS5.9AI score0.00178EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2026/06/22 4:36 p.m.35 views

CVE-2026-54276 AIOHTTP: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires an open redirect vulnerability or similar on the target domain for an attacker to...

6.3CVSS0.00178EPSS
Exploits0References2
cve
cve
added 2026/06/22 4:36 p.m.55 views

CVE-2026-54276

CVE-2026-54276 affects the AIOHTTP framework prior to version 3.14.1, where DigestAuthMiddleware could send an authentication response after following a cross-origin redirect. This requires an open redirect or similar condition on the target domain and exposes the Digest header, potentially allow...

6.3CVSS5.9AI score0.00178EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/22 4:36 p.m.3 views

CVE-2026-54276 AIOHTTP: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires an open redirect vulnerability or similar on the target domain for an attacker to...

6.3CVSS5.9AI score0.00178EPSS
Exploits0References4
nvd
nvd
added 2026/06/22 4:16 p.m.15 views

CVE-2026-12725

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...

5.9CVSS0.00403EPSS
Exploits0References2
osv
osv
added 2026/06/22 2:50 p.m.4 views

SUSE-SU-2026:22340-1 Security update for mutt

This update for mutt fixes the following issues - CVE-2026-43859: strfcpy used instead of memcpy for the IMAP authcram MD5 digest bsc1263897. - CVE-2026-43860: truncation of hashpasswd by one byte for IMAP authcram MD5 digest bsc1263896. - CVE-2026-43861: missing check for \0 in urlpctdecode...

3.7CVSS5.8AI score0.00201EPSS
Exploits0References14
euvd
euvd
added 2026/06/22 1:55 p.m.8 views

EUVD-2026-38278

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...

5.9CVSS6.1AI score0.00403EPSS
Exploits0References2
osv
osv
added 2026/06/22 9:32 a.m.2 views

SUSE-SU-2026:22313-1 Security update for gsasl

This update for gsasl fixes the following issues: Changes in gsasl: - CVE-2026-48829: DIGEST-MD5: Fix NULL pointer dereference in parser bsc1266371...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References3
osv
osv
added 2026/06/22 9:25 a.m.3 views

OPENSUSE-SU-2026:21004-1 Security update for gsasl

This update for gsasl fixes the following issues: Changes in gsasl: - CVE-2026-48829: DIGEST-MD5: Fix NULL pointer dereference in parser bsc1266371...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References2
redhat
redhat
added 2026/06/22 5:40 a.m.9 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS5.9AI score0.00558EPSS
Exploits0References5
nessus
nessus
added 2026/06/22 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-54276

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after...

6.3CVSS6.1AI score0.00178EPSS
Exploits0References2
osv
osv
added 2026/06/20 6:57 a.m.6 views

SUSE-SU-2026:22199-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163. -...

9.8CVSS6.2AI score0.4581EPSS
Exploits18References23
osv
osv
added 2026/06/20 6:56 a.m.2 views

OPENSUSE-SU-2026:21115-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163. -...

9.8CVSS7.3AI score0.4581EPSS
Exploits18References22
osv
osv
added 2026/06/20 6:56 a.m.2 views

SUSE-SU-2026:22197-1 Security update for tomcat10

This update for tomcat10 fixes the following issues Update to Tomcat 10.1.55: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165....

9.8CVSS6.7AI score0.01339EPSS
Exploits2References15
osv
osv
added 2026/06/20 6:56 a.m.2 views

SUSE-SU-2026:22195-1 Security update for tomcat

This update for tomcat fixes the following issues Update to Tomcat 9.0.118: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165. -...

9.8CVSS6.7AI score0.01339EPSS
Exploits2References15
Rows per page
Query Builder