Lucene search
+L

6 matches found

hackerone
hackerone
added 2026/05/13 9:34 p.m.10 views

curl: CVE-2026-8932: incomplete mTLS config matching in conn reuse

Hi all, This report and my multiple subsequent ones may come as a surprise, as I was assured that curl now had zero vulnerabilities in it. Nonetheless, I think the CVE-2022-27782 fix "TLS and SSH connection too eager reuse", commit f18af4f874 2022-05-09, "tls: check more TLS details for connectio...

7.5CVSS6.6AI score0.02596EPSS
Exploits2
euvd
euvd
added 2025/10/03 8:7 p.m.10 views

EUVD-2024-2135

Malicious code in bioql PyPI...

7.1CVSS6.4AI score0.00369EPSS
Exploits0References4
osv
osv
added 2025/08/29 1:32 a.m.7 views

CVE-2025-9604 coze-studio aes.go hard-coded key

A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key . It is possible ...

6.3CVSS5.5AI score0.00223EPSS
Exploits0References8
ibm
ibm
added 2023/04/24 2:18 p.m.21 views

Security Bulletin: TLS 1.0 and TLS 1.1 is enabled in IBM Safer Payments (CVE-2023-27557)

Summary IBM Safer Payments had older TLS 1.0 and TLS 1.1 protocols enabled by default. These protocols are now disabled. Vulnerability Details CVEID:CVE-2023-27557 DESCRIPTION: IBM Counter Fraud Management for Safer Payments uses weaker than expected cryptographic algorithms that could allow an...

7.5CVSS6.4AI score0.00369EPSS
Exploits0Affected Software1
vulnrichment
vulnrichment
added 2023/02/13 12:0 a.m.3 views

CVE-2022-43460

Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted...

7.7AI score0.00536EPSS
Exploits0References2
prion
prion
added 2021/07/28 10:15 a.m.24 views

Code injection

K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material cluster certificate authority private keys, secrets encryption configuration passphrase, etc. and decrypt it, without having to know the...

4CVSS6.3AI score0.00304EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder