Lucene search
K

25564 matches found

Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.5 views

PT-2026-21227

The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive interception by attackers on the same network...

7.5CVSS5.6AI score0.00242EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.8 views

Cilium 安全漏洞

Cilium is an open-source software developed by Cilium contributors. It is used to provide and transparently protect network connections and load balancing between application workloads, such as application containers or processes. Versions of Cilium from 1.18.0 to 1.18.5 contain security...

6.1CVSS5.8AI score0.00126EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/02/20 12:0 a.m.3 views

CVE-2026-26963

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

6.1CVSS5.8AI score0.00126EPSS
Exploits1References5
OSV
OSV
added 2026/02/19 11:38 p.m.7 views

CVE-2026-26963 Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

6.1CVSS5.5AI score0.00126EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/02/19 11:38 p.m.27 views

CVE-2026-26963 Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

6.1CVSS0.00126EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/19 11:38 p.m.4 views

CVE-2026-26963

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

6.1CVSS5.5AI score0.00126EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/19 11:38 p.m.4 views

CVE-2026-26963 Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

6.1CVSS5.5AI score0.00126EPSS
Exploits1References4
Snyk
Snyk
added 2026/02/19 11:38 p.m.4 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to incorrect handling of network traffic permissions when certain network configurations, such as Native Routing, WireGuard, and Node Encryption, are enabled. An attacker can gain unauthorized access t...

6.1CVSS5.5AI score0.00126EPSS
Exploits1References2
CVE
CVE
added 2026/02/19 11:38 p.m.17 views

CVE-2026-26963

CVE-2026-26963 affects Cilium: vulnerable in versions 1.18.0–1.18.5 where traffic from Pods on other nodes can bypass isolation when Native Routing, WireGuard and Node Encryption are enabled. Root cause is the eBPF datapath handling allowing cross-node traffic leakage under those configurations. ...

6.1CVSS5.5AI score0.00126EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/02/19 10:16 p.m.7 views

CVE-2026-26315

go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...

7.5CVSS0.00447EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/02/19 9:22 p.m.4 views

CVE-2026-26315

go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...

7.5CVSS6.1AI score0.00447EPSS
Exploits0
Cvelist
Cvelist
added 2026/02/19 8:0 p.m.21 views

CVE-2026-2738

Buffer overflow in ovpn‑dco‑win version 2.8.0 allows local attackers to cause a system crash by sending too large packets to the remote peer when the AEAD tag appears at the end of the encrypted packet...

6.8CVSS0.00115EPSS
Exploits0References1
OSV
OSV
added 2026/02/19 7:39 p.m.6 views

GHSA-5R23-PRX4-MQG3 Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled

Impact Host Policies will incorrectly permit traffic from Pods on other nodes when all of the following configurations are enabled: Native Routing WireGuard Node Encryption beta These options are disabled by default in Cilium. Patches This issue was fixed by 42892. This issue affects: Cilium v1.1...

6.1CVSS5.5AI score0.00126EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/02/19 7:39 p.m.9 views

Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled

Impact Host Policies will incorrectly permit traffic from Pods on other nodes when all of the following configurations are enabled: Native Routing WireGuard Node Encryption beta These options are disabled by default in Cilium. Patches This issue was fixed by 42892. This issue affects: Cilium v1.1...

6.1CVSS5.5AI score0.00126EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/02/19 5:28 p.m.5 views

GO-2026-4479 Usage of random nonce generation with AES GCM ciphers risks leaking the authentication key in github.com/pion/dtls

Usage of random nonce generation with AES GCM ciphers risks leaking the authentication key in github.com/pion/dtls...

5.9CVSS5.5AI score0.00619EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/19 3:51 p.m.4 views

CVE-2026-25998 strongMan vulnerable to private credential recovery due to key and counter reuse

strongMan is a management interface for strongSwan, an OpenSource IPsec-based VPN. When storing credentials in the database private keys, EAP secrets, strongMan encrypts the corresponding database fields. So far it used AES in CTR mode with a global database key. Together with an initialization...

8.7CVSS5.7AI score0.00309EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 3:51 p.m.15 views

CVE-2026-25998

strongMan (the management interface for strongSwan) is vulnerable in versions prior to 0.2.0 due to improper encryption of stored credentials in the database. The software used AES-CTR with a global database key and a single IV for all fields, enabling an attacker with database access to recover ...

8.7CVSS5.7AI score0.00309EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/19 3:51 p.m.22 views

CVE-2026-25998 strongMan vulnerable to private credential recovery due to key and counter reuse

strongMan is a management interface for strongSwan, an OpenSource IPsec-based VPN. When storing credentials in the database private keys, EAP secrets, strongMan encrypts the corresponding database fields. So far it used AES in CTR mode with a global database key. Together with an initialization...

8.7CVSS0.00309EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.7 views

go-ethereum 安全漏洞

go-ethereum is an open-source Ethereum protocol library developed by ethereum. Versions of go-ethereum prior to 1.16.9 contained security vulnerabilities. These vulnerabilities stemmed from defects in the ECIES encryption implementation, allowing attackers to extract bits from the keys of p2p nod...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References1
Amazon
Amazon
added 2026/02/19 12:0 a.m.7 views

Medium: runfinch-finch

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

10CVSS5.8AI score0.01945EPSS
Exploits3
Rows per page
Query Builder