10068 matches found

Veracode
added 2025/07/16 4:59 p.m., 3 views

HTTP Desynchronisation Attack

Apache HTTP Server mod_ssl is vulnerable to an HTTP desynchronisation attack. The vulnerability is due to the use of SSLEngine optional for enabling TLS upgrades, which allows a man-in-the-middle attacker to exploit request desynchronisation and hijack an active HTTP session during the TLS upgrade...

CVSS: 7.4, AI score: 7.3, EPSS: 0.00516
Exploits: 0, References: 10, Affected Software: 1
RedHat Linux
added 2025/07/16 2:32 p.m., 4 views

openjdk: Enhance TLS protocol support (Oracle CPU 2025-07)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0....

CVSS: 4.8, AI score: 7.2, EPSS: 0.00381
Exploits: 0, References: 5
Packet Storm News
added 2025/07/16 12:0 a.m., 1 views

Safeguarding Federated Learning-Based Road Condition Classification

Federated Learning (FL) has emerged as a promising solution for privacy-preserving autonomous driving, specifically camera-based Road Condition Classification (RCC) systems, harnessing distributed sensing, computing, and communication resources on board vehicles without sharing sensitive image data...

AI score: 7.1
Exploits: 0
BDU FSTEC
added 2025/07/16 12:0 a.m., 4 views

The vulnerability of the SICAM TOOLBOX II engineering software, related to incorrect verification of certificates, allows a perpetrator to execute a “man-in-the-middle” type attack.

The vulnerability of the SICAM TOOLBOX II engineering software is related to improper verification of the TLS certificate. Exploiting this vulnerability could allow a remote attacker to execute a “man-in-the-middle” type attack...

CVSS: 8.1, AI score: 5.7, EPSS: 0.00173
Exploits: 0, References: 2, Affected Software: 1
Snyk
added 2025/07/15 7:45 p.m., 5 views

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass when processing TLS connections. An attacker can gain unauthorized read and write access to certain data by sending specially crafted network requests. This is only exploitable if untrusted code is loaded and run i...

CVSS: 6.3, AI score: 7.1, EPSS: 0.00381
Exploits: 0, References: 2
Snyk
added 2025/07/15 7:45 p.m., 3 views

Access Control Bypass

Overview: org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are...

CVSS: 6.3, AI score: 7.2, EPSS: 0.00381
Exploits: 0, References: 2
Packet Storm News
added 2025/07/15 12:0 a.m., 5 views

Multi-Trigger Poisoning Amplifies Backdoor Vulnerabilities in LLMs

Recent studies have shown that Large Language Models (LLMs) are vulnerable to data poisoning attacks, where malicious training examples embed hidden behaviours triggered by specific input patterns. However, most existing works assume a phrase and focus on the attack's effectiveness, offering limite...

AI score: 6.9
Exploits: 0
GithubExploit
added 2025/07/14 9:53 a.m., 106 views

Exploit for Cross-site Scripting in Maptiler Tileserver_Php

CVE-2025-44136 Unauthenticated XSS in MapTiler Tileserver-php...

CVSS: 9.8, AI score: 9.4, EPSS: 0.02507
Exploits: 2
Packet Storm News
added 2025/07/13 12:0 a.m., 18 views

LaSM: Layer-Wise Scaling Mechanism for Defending Pop-Up Attack on GUI Agents

Graphical user interface (GUI) agents built on multimodal large language models (MLLMs) have recently demonstrated strong decision-making abilities in screen-based interaction tasks. However, they remain highly vulnerable to pop-up-based environmental injection attacks, where malicious visual element...

AI score: 7.2
Exploits: 0
OSV
added 2025/07/11 12:21 p.m., 5 views

OESA-2025-1776 python-cryptography security update

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Security Fixes: A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lea...

CVSS: 7.5, AI score: 6.6, EPSS: 0.01118
Exploits: 0, References: 2
OSV
added 2025/07/11 12:21 p.m., 3 views

OESA-2025-1775 python-cryptography security update

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Security Fixes: A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lea...

CVSS: 7.5, AI score: 6.6, EPSS: 0.01118
Exploits: 0, References: 2
Microsoft CVE
added 2025/07/11 7:0 a.m., 3 views

net: tls: explicitly disallow disconnect

...

CVSS: 5.5, AI score: 7.4, EPSS: 0.00252
Exploits: 0
Microsoft CVE
added 2025/07/11 7:0 a.m., 6 views

net: phy: leds: fix memory leak

...

CVSS: 5.5, AI score: 7.2, EPSS: 0.00155
Exploits: 0
Packet Storm News
added 2025/07/11 12:0 a.m., 3 views

CovertAuth: Joint Covert Communication and Authentication in MmWave Systems

Beam alignment (BA) is a crucial process in millimeter-wave (mmWave) communications, enabling precise directional transmission and efficient link establishment. However, due to characteristics like omnidirectional exposure and the broadcast nature of the BA phase, it is particularly vulnerable to...

AI score: 6.8
Exploits: 0
SUSE CVE
added 2025/07/10 11:27 p.m., 6 views

SUSE CVE-2025-23048

In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of...

CVSS: 8.8, AI score: 6.9, EPSS: 0.0097
Exploits: 1, References: 12
SUSE CVE
added 2025/07/10 11:22 p.m., 3 views

SUSE CVE-2025-38302

In the Linux kernel, the following vulnerability has been resolved: block: don't use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work. Bios queued up in the zone write plug have already gone through all preparation in the submit_bio path, including the freeze protection. Submitting them through...

CVSS: 4.7, AI score: 6.6, EPSS: 0.00121
Exploits: 0, References: 9
OSV
added 2025/07/10 5:15 p.m., 6 views

ALPINE-CVE-2025-23048

In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of...

CVSS: 9.1, AI score: 6.8, EPSS: 0.0097
Exploits: 1, References: 1
OSV
added 2025/07/10 5:15 p.m., 3 views

UBUNTU-CVE-2025-23048

In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of...

CVSS: 9.1, AI score: 7.1, EPSS: 0.0097
Exploits: 1, References: 6
OSV
added 2025/07/10 8:15 a.m., 3 views

UBUNTU-CVE-2025-38302

In the Linux kernel, the following vulnerability has been resolved: block: don't use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work. Bios queued up in the zone write plug have already gone through all preparation in the submit_bio path, including the freeze protection. Submitting them through...

CVSS: 5.5, AI score: 5.9, EPSS: 0.00121
Exploits: 0, References: 13
Positive Technologies
added 2025/07/10 12:0 a.m., 4 views

PT-2025-29046

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0-rc7
Description: A flaw was discovered in the Linux kernel related to the MPLS (Multiprotocol Label Switching) implementation. Specifically, the mpls_route_input_rcu function could be called from within an...

CVSS: 5.5, AI score: 7.1, EPSS: 0.00178
Exploits: 0