GO-2026-4600 Panic in name constraint checking for malformed certificates in crypto/x509

Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...

900+ Certificates Used by Fortune 500, Governments Exposed by Key Leaks

A joint study by Google and GitGuardian reveals that over 2,600 valid TLS certificates, protecting Fortune 500 companies and government agencies, were compromised due to private key leaks on GitHub and DockerHub...

Moxa VPort Cameras NULL Pointer Dereference (CVE-2021-25845)

Improper validation of the ChassisID TLV in userdisk/vportlldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a NULL pointer dereference via a crafted lldp packet. This plugin only works with Tenable.ot. Please visit...

Cisco Nexus 3600 9500-R Series Switching Platforms Layer 2 Loop DoS (cisco-sa-nxos-ether-dos-Kv8YNWZ4)

According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. - A vulnerability with the Ethernet VPN EVPN Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated,...

Moxa VPort Cameras Integer Underflow (CVE-2021-25849)

An integer underflow was discovered in userdisk/vportlldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...

Moxa VPort Cameras Integer Underflow (CVE-2021-25846)

Improper validation of the ChassisID TLV in userdisk/vportlldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted lldp packet. This plugin only works with Tenable.ot. Please visit...

Moxa VPort Cameras Out-of-bounds Read (CVE-2021-25847)

Improper validation of the length field of LLDP-MED TLV in userdisk/vportlldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to controllable loop counter variable via a crafted lldp packet. This plugin only works with Tenable.ot. Please visit...

RHEL 8 : osbuild-composer (RHSA-2026:3898)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3898 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building...

RHEL 9 : delve (RHSA-2026:3842)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:3842 advisory. Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve shoul...

CVE-2026-23811

A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 L2 communication restrictions between clients and redirect traffic at Layer 3 L3. In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable...

CVE-2026-20005

Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to incomplete parsing of the...

CVE-2026-20050

A vulnerability in the Do Not Decrypt exclusion feature of the SSL decryption feature of Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper memory...

CVE-2026-28277

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

xgrammar vulnerable to DoS via multi-layer nesting

Summary The multi-level nested syntax caused a segmentation fault core dump. Details A trigger stack overflow or memory exhaustion was caused by constructing a malicious grammar rule containing 30,000 layers of nested parentheses. PoC !/usr/bin/env python3 """ XGrammar - Math Expression Generatio...

CVE-2025-13476 Rakuten Viber uses broken or risky cryptographic Algorithm

Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection DPI systems to trivially identify and block proxy traffic, undermining censorship circumvention...

CVE-2026-30794

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Missing Release of Resource after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime due to incomplete handling of the errors in TLS handshake. An attacker can cause the service to become unavailable by initiating multiple incomplete TLS handshakes, leading to resourc...

CVE-2026-26999 Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (slowloris doS)

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing TLS handshake on TCP routers. When Traefik processes a TLS connection on a TCP router, the read deadline used to bound protocol sniffing is cleared befor...

Missing Release of Resource after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime due to incomplete handling of the errors in TLS handshake. An attacker can cause the service to become unavailable by initiating multiple incomplete TLS handshakes, leading to resourc...

Missing Release of Resource after Effective Lifetime

Overview github.com/traefik/traefik/v2/pkg/server/router/tcp is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, ... a...