258 matches found
EUVD-2024-41461
Malicious code in bioql PyPI...
EUVD-2024-22352
Malicious code in bioql PyPI...
EUVD-2024-34446
Malicious code in bioql PyPI...
EUVD-2024-34667
Malicious code in bioql PyPI...
EUVD-2023-55065
Malicious code in bioql PyPI...
EUVD-2024-22351
Malicious code in bioql PyPI...
EUVD-2024-35232
Malicious code in bioql PyPI...
EUVD-2024-34467
Malicious code in bioql PyPI...
SUSE: Security Advisory (SUSE-SU-2025:03447-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CBL Mariner 2.0 Security Update: mysql (CVE-2025-5025)
The version of mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-5025 advisory. - libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this...
curl: Stack use-after-scope in HTTP/3 POST request processing via CURLOPT_POSTFIELDS
Summary A stack use-after-scope vulnerability exists in libcurl's HTTP/3 request processing when using CURLOPTPOSTFIELDS with stack-allocated buffers. libcurl retains a pointer to user-provided POST data but accesses it after the original stack frame has been destroyed, leading to memory corrupti...
curl: OpenSSL HTTP/3 bogus CURLINFO_TLS_SSL_PTR
Summary: curleasygetinfo CURLINFOTLSSSLPTR appears to return invalid SSL connection pointer for OpenSSL HTTP/3 connections. Using this SSL connection results in a crash, and potential other impacts. This issue does not happen with libcurl 8.14.1, suggesting that the bug is in libcurl itself or...
TencentOS Server 4: nginx (TSSA-2024:0497)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0497 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2025-5025
libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...
CURL-CVE-2025-5025 No QUIC certificate pinning with wolfSSL
libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...
CVE-2025-5025
libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...
CVE-2025-5025 No QUIC certificate pinning with wolfSSL
libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...
CVE-2025-5025 No QUIC certificate pinning with wolfSSL
libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...
CVE-2025-5025
libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...
CVE-2024-25622
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes e.g., path level are expected to inherit t...