Lucene search
K

420 matches found

Tenable Nessus
Tenable Nessus
added 5 days ago8 views

MiracleLinux 8 : container-tools:rhel8 (AXSA:2026-1242:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-1242:01 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE:...

7.5CVSS6.8AI score0.00728EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.6 views

MiracleLinux 9 : opentelemetry-collector-0.144.0-2.el9_8 (AXSA:2026-1213:03)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-1213:03 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go:...

9.1CVSS7AI score0.01557EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2026/07/06 5:18 a.m.4 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.7AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/01 12:15 p.m.6 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.7AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/01 11:48 a.m.5 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.7AI score0.00651EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.8 views

RockyLinux 8 : container-tools:rhel8 (RLSA-2026:33722)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:33722 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial...

7.5CVSS6.9AI score0.00728EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.6 views

RHEL 9 : osbuild-composer (RHSA-2026:32991)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:32991 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for...

7.5CVSS6.8AI score0.00651EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 7:6 a.m.3 views

SUSE-SU-2026:2640-1 Security update for containerd

This update for containerd fixes the following issues - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260296. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad...

9.6CVSS6.7AI score0.01557EPSS
Exploits1References9
OSV
OSV
added 2026/06/26 7:6 a.m.3 views

SUSE-SU-2026:2639-1 Security update for containerd

This update for containerd fixes the following issues - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260296. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad...

9.6CVSS6.7AI score0.01557EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.8 views

SUSE SLES12 Security Update : containerd (SUSE-SU-2026:2640-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2640-1 advisory. This update for containerd fixes the following issues - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation...

9.6CVSS6.6AI score0.01557EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

SUSE SLES12 Security Update : google-guest-agent (SUSE-SU-2026:2581-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2581-1 advisory. - CVE-2026-39827: Update golang.org/x/crypto dependency bsc1266171. - CVE-2026-39828: Update golang.org/x/crypto dependency...

10CVSS6.6AI score0.91969EPSS
Exploits4References60
OSV
OSV
added 2026/06/23 2:37 p.m.6 views

BIT-APISIX-2026-49230 Apache APISIX: Authentication bypass in jwe-decrypt

Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. This issue affects Apache APISIX: from 3.8.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

9.1CVSS5.8AI score0.00224EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/22 11:36 a.m.19 views

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.1CVSS7.2AI score0.01557EPSS
Exploits1References3
OSV
OSV
added 2026/06/22 9:4 a.m.8 views

SUSE-SU-2026:22249-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251453. -...

10CVSS7AI score0.91969EPSS
Exploits3References32
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

SUSE SLES15 Security Update : azure-storage-azcopy (SUSE-SU-2026:2466-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2466-1 advisory. This update for azure-storage-azcopy fixes the following issues Update to 10.32.4: - CVE-2025-47907: database/sql: incorrect result...

9.6CVSS6.7AI score0.01557EPSS
Exploits1References17
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.11 views

SUSE SLED15 / SLES15 Security Update : alloy (SUSE-SU-2026:2438-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2438-1 advisory. This update for alloy fixes the following issues Security issues: - CVE-2026-4427: github.com/jackc/pgproto3/v...

9.1CVSS6.8AI score0.01557EPSS
Exploits1References17
NVD
NVD
added 2026/06/19 2:16 p.m.13 views

CVE-2026-49230

Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. This issue affects Apache APISIX: from 3.8.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

9.1CVSS0.00224EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/19 1:13 p.m.31 views

CVE-2026-49230 Apache APISIX: Authentication bypass in jwe-decrypt

Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. This issue affects Apache APISIX: from 3.8.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

6.3CVSS0.00224EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/19 1:13 p.m.25 views

EUVD-2026-38019

Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. This issue affects Apache APISIX: from 3.8.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

6.3CVSS5.8AI score0.00224EPSS
Exploits1References1
CVE
CVE
added 2026/06/19 1:13 p.m.40 views

CVE-2026-49230

CVE-2026-49230 affects Apache APISIX via the jwe-decrypt plugin in default config, enabling authentication bypass. Vulnerable versions are 3.8.0–3.16.0; remediation is upgrade to 3.17.0. The CVE details indicate a improper validation of an integrity check value, with a network-exposed risk. If ex...

9.1CVSS5.8AI score0.00224EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder