777 matches found

Tenable Nessus
added 2026/06/25 12:0 a.m. | 7 views

Oracle Linux 9 : tomcat (ELSA-2026-26323)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-26323 advisory. - Resolves: Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled CVE-2026-34500 - Resolves: Tomcat: Cloud membership for clustering...

9.1 CVSS | 7.3 AI score | 0.15831 EPSS
Exploits 6 | References 2

EUVD
added 2026/06/24 6:32 p.m. | 4 views

EUVD-2026-38824

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in ceph_x_decrypt. In ceph_x_decrypt, a part of the buffer p is interpreted as a ceph_x_encrypt_header, and the magic field of this struct is accessed. This happens without any guarantee that t...

5.9 AI score | 0.00359 EPSS
Exploits 0 | References 3

IBM Security Bulletins
added 2026/06/24 6:29 p.m. | 3 views

Security Bulletin: Vulnerabilities found in Watson Data Intelligence

Summary: Multiple vulnerabilities were addressed in Watson Data Intelligence version 5.3.1-patch3. Vulnerability Details: CVEID: CVE-2025-14917. DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expecte...

9.8 CVSS | 6.6 AI score | 0.03494 EPSS
Exploits 3 | Affected Software 1

NVD
added 2026/06/24 5:17 p.m. | 5 views

CVE-2026-52956

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in ceph_x_decrypt. In ceph_x_decrypt, a part of the buffer p is interpreted as a ceph_x_encrypt_header, and the magic field of this struct is accessed. This happens without any guarantee that t...

7.5 CVSS | 0.00359 EPSS
Exploits 0 | References 2

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Do not allow journal inode to have the encrypt flag. Mounting a filesystem whose journal inode has the encrypt flag causes a NULL dereference in fscrypt_limit_io_blocks when the 'inlinecrypt' mount option is used. The problem...

5.5 CVSS | 5.7 AI score | 0.00093 EPSS
Exploits 0 | References 1

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req->iv after crypto_aead_encrypt. As soon as crypto_aead_encrypt is called, the underlying request may be freed by an asynchronous completion. Therefore, dereferencing req->iv after its return is invalid...

5.5 CVSS | 5.8 AI score | 0.00114 EPSS
Exploits 0 | References 2

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in PHP 7.3

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23, and 7.4.x below 7.4.11, when AES-CCM mode is used with the openssl_encrypt function and a 12-byte IV is provided, only the first 7 bytes of the IV are actually used. This can result in reduced security and incorrect encrypted data...

6.5 CVSS | 6.7 AI score | 0.02055 EPSS
Exploits 0 | References 1

Vulnrichment
added 2026/06/15 12:0 a.m. | 6 views

CVE-2026-50892

Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request...

5.2 AI score | 0.00171 EPSS
Exploits 0 | References 1

CVE
added 2026/06/15 12:0 a.m. | 13 views

CVE-2026-50892

CVE-2026-50892 affects Nginx Proxy Manager v2.14.0. The root cause is improper access control on the Let’s Encrypt certificate download endpoint, allowing authenticated attackers to obtain TLS private key material via a crafted GET request. The impact is limited to confidentiality, with the CVSS ...

6.5 CVSS | 5.3 AI score | 0.00171 EPSS
Exploits 0 | References 1

OSSF Malicious Packages
added 2026/06/11 9:35 a.m. | 16 views

Malicious code in typeorm-encrypt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a56a819a1e640411db5e485054b23282d0d04f847270ea17c605cbfa6e6ab5ac The published tarball contains lib/lib.min.js, a heavily obfuscated file that stashes Node intrinsics on globals global'r'=require; global'm'=module;...

5.4 AI score
Exploits 0 | References 3

OSV
added 2026/06/11 9:35 a.m. | 13 views

MAL-2026-5633 Malicious code in typeorm-encrypt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a56a819a1e640411db5e485054b23282d0d04f847270ea17c605cbfa6e6ab5ac The published tarball contains lib/lib.min.js, a heavily obfuscated file that stashes Node intrinsics on globals global'r'=require; global'm'=module;...

5.5 AI score
Exploits 0 | References 3

Cvelist
added 2026/06/02 10:9 p.m. | 37 views

CVE-2026-25861 QloApps 1.7.0 Weak Password Hashing via MD5 in Tools.php

QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt function within classes/Tools.php, which concatenates a static cookie...

8.2 CVSS | 0.00178 EPSS
Exploits 0 | References 3

ATTACKERKB
added 2026/06/02 10:9 p.m. | 9 views

CVE-2026-25861

QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt function within classes/Tools.php, which concatenates a static cookie...

8.2 CVSS | 5.8 AI score | 0.00178 EPSS
Exploits 0 | References 4

Positive Technologies
added 2026/06/02 12:0 a.m. | 18 views

PT-2026-45872

Name of the Vulnerable Software and Affected Versions: QloApps versions prior to 1.7.0 commit 64e9722. Description: The software uses a weak cryptographic algorithm for password hashing. Specifically, the encrypt function in classes/Tools.php utilizes MD5, concatenating a static cookie key with the...

8.2 CVSS | 5.8 AI score | 0.00178 EPSS
Exploits 0 | References 5

ATTACKERKB
added 2026/05/31 11:0 a.m. | 11 views

CVE-2026-10179

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. This issue affects the function formSetWlanEncrypt of the file /goform/formSetWlanEncrypt. This manipulation of the argument webpage causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

9 CVSS | 7.8 AI score | 0.03198 EPSS
Exploits 0 | References 5 | Affected Software 1

RedHat Linux
added 2026/05/26 12:59 p.m. | 16 views

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5 CVSS | 7.2 AI score | 0.03494 EPSS
Exploits 1 | References 5

RedHat Linux
added 2026/05/26 12:55 p.m. | 13 views

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5 CVSS | 7.2 AI score | 0.03494 EPSS
Exploits 1 | References 5

RedhatCVE
added 2026/05/19 4:30 p.m. | 12 views

CVE-2026-43492

A flaw was found in the Linux kernel. A local user could trigger an integer underflow in the mpi_read_raw_from_sgl function within the lib/crypto: mpi component. This occurs when invoking a KEYCTL_PKEY_ENCRYPT system call with a larger output length than input length and providing a zero-filled input...

5.5 CVSS | 5.8 AI score | 0.00145 EPSS
Exploits 0 | References 4

OSV
added 2026/05/19 4:18 p.m. | 4 views

GHSA-HC3C-63HC-2R9F libcrux: Potential Panic on Overlong Ciphertext Buffer

An application that passes in a ciphertext buffer of length greater than ptxt.len + TAG_LEN to libcrux_chacha20poly1305::encrypt or libcrux_chacha20poly1305::xchacha20_poly1305::encrypt would experience a panic. Impact: An application where the length of the ciphertext buffer is under attacker control...

8.2 CVSS | 5.9 AI score
Exploits 0 | References 3

Positive Technologies
added 2026/05/19 12:0 a.m. | 20 views

PT-2026-41874

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: An integer underflow exists in the mpi_read_raw_from_sgl function. This occurs when the number of leading zeros in a scatterlist exceeds the nbytes parameter, causing an underflow during...

5.5 CVSS | 5.9 AI score | 0.00145 EPSS
Exploits 0 | References 65