
10036 matches found

RedhatCVE
added 2026/02/06 7:13 p.m. | 6 views

CVE-2026-1709

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.8 CVSS | 5.4 AI score | 0.05805 EPSS
Exploits 0 | References 3

RedhatCVE
added 2026/02/06 1:25 a.m. | 7 views

CVE-2026-25160

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle (MitM) attacks. This...

9.1 CVSS | 5.1 AI score | 0.00234 EPSS
Exploits 1 | References 1

Tenable Nessus
added 2026/02/06 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-1709

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This...

9.4 CVSS | 5.5 AI score | 0.05805 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2026/02/06 12:00 a.m. | 10 views

Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50094)

The remote Oracle Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50094 advisory. - mptcp: fix a race in mptcp_pm_del_add_timer() (Eric Dumazet) [Orabug: 38932996] {CVE-2025-40257} - tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock()...

7.8 CVSS | 6.8 AI score | 0.00165 EPSS
Exploits 0 | References 5

OSV
added 2026/02/05 6:16 p.m. | 9 views

AZL-76653 CVE-2025-68121 affecting package golang for versions less than 1.24.12-1

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

10 CVSS | 5.8 AI score | 0.00765 EPSS
Exploits 1 | References 1

OSV
added 2026/02/05 6:16 p.m. | 12 views

AZL-76665 CVE-2025-68121 affecting package msft-golang for versions less than 1.24.12-1

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

10 CVSS | 6.7 AI score | 0.00765 EPSS
Exploits 1 | References 1

OSV
added 2026/02/05 6:16 p.m. | 3 views

CVE-2025-68121

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

10 CVSS | 5.6 AI score
Exploits 0 | References 4

CVE
added 2026/02/05 5:48 p.m. | 162 views

CVE-2025-68121

CVE-2025-68121 affects crypto/tls in Go where session resumption can succeed if the underlying Config is mutated between the initial and resumed handshake (e.g., after Config.Clone or GetConfigForClient mutates ClientCAs/RootCAs). The connected advisories tie this issue to the same CVE across mul...

10 CVSS | 8.2 AI score | 0.00765 EPSS
Exploits 1 | References 4 | Affected Software 1

AlpineLinux
added 2026/02/05 5:48 p.m. | 13 views

CVE-2025-68121

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

10 CVSS | 8.2 AI score | 0.00765 EPSS
Exploits 1

RedHat Linux
added 2026/02/05 4:03 p.m. | 5 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate...

7.5 CVSS | 5.9 AI score | 0.01056 EPSS
Exploits 0 | References 5

CNNVD
added 2026/02/05 12:00 a.m. | 5 views

Axigen Mail Server Security Vulnerability

Axigen Mail Server is a mail server software developed by Axigen Corporation. Versions of Axigen Mail Server prior to 10.5.57 contained security vulnerabilities. These vulnerabilities stemmed from improper access control in the WebAdmin interface. An administrative account with no privileges could...

8.1 CVSS | 5.8 AI score | 0.0031 EPSS
Exploits 0 | References 2

CNVD
added 2026/02/05 12:00 a.m. | 6 views

Google Go Information Disclosure Vulnerability (CNVD-2026-10646)

Google Go is a statically and strongly typed, compiled, concurrent, and garbage-collected programming language from Google. Google Go suffers from an information disclosure vulnerability that stems from an issue with the order in which messages across cryptographic level boundaries are processed during...

5.3 CVSS | 5.7 AI score | 0.00276 EPSS
Exploits 0 | References 1

Amazon
added 2026/02/05 12:00 a.m. | 7 views

Important: golang

Issue Overview: net/http: memory exhaustion in Request.ParseForm (CVE-2025-61726); archive/zip: denial of service when parsing arbitrary ZIP archives (CVE-2025-61728); crypto/tls: handshake messages may be processed at the incorrect encryption level (CVE-2025-61730); cmd/go: bypass of flag sanitization ca...

10 CVSS | 6.3 AI score | 0.00765 EPSS
Exploits 2

Amazon
added 2026/02/05 12:00 a.m. | 10 views

Medium: cni-plugins

Issue Overview: net/http: memory exhaustion in Request.ParseForm (CVE-2025-61726); archive/zip: denial of service when parsing arbitrary ZIP archives (CVE-2025-61728); crypto/tls: handshake messages may be processed at the incorrect encryption level (CVE-2025-61730); crypto/tls: Config.Clone copies...

10 CVSS | 7.5 AI score | 0.00765 EPSS
Exploits 2

EUVD
added 2026/02/05 12:00 a.m. | 7 views

EUVD-2025-206828

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint (page=sslcerts). This allows the...

9.1 CVSS | 5.4 AI score | 0.0031 EPSS
Exploits 0 | References 2

FreeBSD
added 2026/02/05 12:00 a.m. | 9 views

oauth2-proxy -- multiple vulnerabilities

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed...

10 CVSS | 7.1 AI score | 0.00765 EPSS
Exploits 1

NVD
added 2026/02/04 8:16 p.m. | 8 views

CVE-2026-25160

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle (MitM) attacks. This...

9.1 CVSS | 0.00234 EPSS
Exploits 1 | References 2

EUVD
added 2026/02/04 7:40 p.m. | 6 views

EUVD-2026-5367

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle (MitM) attacks. This...

9.1 CVSS | 5.2 AI score | 0.00234 EPSS
Exploits 1 | References 2

Vulnrichment
added 2026/02/04 7:40 p.m. | 7 views

CVE-2026-25160 Alist has Insecure TLS Config

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle (MitM) attacks. This...

9.1 CVSS | 5.2 AI score | 0.00234 EPSS
Exploits 1 | References 2

ATTACKERKB
added 2026/02/04 7:40 p.m. | 5 views

CVE-2026-25160

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle (MitM) attacks. This...

9.1 CVSS | 5.2 AI score | 0.00234 EPSS
Exploits 1 | References 3 | Affected Software 1