Lucene search
+L

3737 matches found

Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-53712 SCRAM: Silent channel-binding authentication downgrade via unsupported certificate algorithms

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to 3.3, a flaw in com.ongres.scram:scram-client and com.ongres.scram:scram-common allows an attacker capable of a TLS...

8.2CVSS0.0026EPSS
Exploits0References2
CVE
CVE
added 2 days ago26 views

CVE-2026-53712

The CVE describes a vulnerability in the OnGres SCRAM library (com.ongres.scram:scram-client and scram-common) where, prior to version 3.3, a TLS MITM can silently downgrade SCRAM-SHA-256-PLUS with channel binding to SCRAM-SHA-256 without channel binding when an X.509 certificate uses modern sign...

8.2CVSS5.4AI score0.0026EPSS
Exploits0References2
OSV
OSV
added 2 days ago3 views

CVE-2026-53712 SCRAM: Silent channel-binding authentication downgrade via unsupported certificate algorithms

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to 3.3, a flaw in com.ongres.scram:scram-client and com.ongres.scram:scram-common allows an attacker capable of a TLS...

8.2CVSS5.5AI score0.0026EPSS
Exploits0References4
NVD
NVD
added 2 days ago9 views

CVE-2024-23573

HCL Aftermarket EPC is vulnerable to attack since the Application is vulnerable to Lucky 13. that makes the SS LLUCKY13 possible affects the TLS1.1and 1.2 and DTLS1.0 or 1.2 implementations . It also affects previous versions such as SSL3.0 and TLS1.0. This can also be considered a type of...

3.7CVSS0.00155EPSS
Exploits0References1
CVE
CVE
added 2 days ago10 views

CVE-2024-23573

CVE-2024-23573 affects HCL Aftermarket EPC. The vulnerability is described as the application being vulnerable to Lucky 13, making the TLS1.1/1.2 and DTLS1.0/1.2 implementations (and older SSL3.0/TLS1.0) susceptible, with potential for a man-in-the-middle. The Connected documents provide the tech...

3.7CVSS5.3AI score0.00155EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago10 views

CVE-2024-23573

HCL Aftermarket EPC is vulnerable to attack since the Application is vulnerable to Lucky 13. that makes the SS LLUCKY13 possible affects the TLS1.1and 1.2 and DTLS1.0 or 1.2 implementations . It also affects previous versions such as SSL3.0 and TLS1.0. This can also be considered a type of...

3.7CVSS5.3AI score0.00155EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2 days ago9 views

CVE-2026-13410

Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verification disabled. The default user agent is initialised with SSLverifymode explicitly disabled. An attacker with network man-in-the-middle MITM capability between the Dancer application and googleapis.com can intercept the...

8.2CVSS0.00242EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago36 views

CVE-2026-13410 Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verification disabled

Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verification disabled. The default user agent is initialised with SSLverifymode explicitly disabled. An attacker with network man-in-the-middle MITM capability between the Dancer application and googleapis.com can intercept the...

0.00242EPSS
Exploits0References3
OSV
OSV
added 2 days ago3 views

CVE-2026-13410 Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verification disabled

Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verification disabled. The default user agent is initialised with SSLverifymode explicitly disabled. An attacker with network man-in-the-middle MITM capability between the Dancer application and googleapis.com can intercept the...

8.2CVSS5.4AI score0.00242EPSS
Exploits0References8
NVD
NVD
added 3 days ago10 views

CVE-2026-35145

HCL DFXAnalytics is affected by a Missing HTTP Strict-Transport-Security Header vulnerability. The application fails to implement the HTTP Strict Transport Security HSTS policy within its responses, which could allow a remote attacker to downgrade the communication channel to an unencrypted...

3.1CVSS0.00173EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-44920

HCL DFXAnalytics is affected by a Missing HTTP Strict-Transport-Security Header vulnerability. The application fails to implement the HTTP Strict Transport Security HSTS policy within its responses, which could allow a remote attacker to downgrade the communication channel to an unencrypted...

3.1CVSS6.1AI score0.00173EPSS
Exploits0References1
Oracle linux
Oracle linux
added 3 days ago8 views

ruby security update

3.3.10-13 - Fix DoS via crafted IMAP responses in net-imap. CVE-2026-42245 Resolves: RHEL-181687 - Fix information disclosure via MITM attack bypassing TLS in net-imap. CVE-2026-42246 Resolves: RHEL-181775 - Fix command injection via Symbol arguments in net-imap. CVE-2026-42258 Resolves: RHEL-181...

7.6CVSS5.2AI score0.00813EPSS
Exploits0
Vulnrichment
Vulnrichment
added 4 days ago7 views

CVE-2026-56434 NGINX ngx_http_ssi_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...

8.3CVSS6.1AI score0.00387EPSS
Exploits0References1
CVE
CVE
added 4 days ago70 views

CVE-2026-56434

Summary: CVE-2026-56434 affects the nginx ngx_http_ssi_module in NGINX Plus and NGINX Open Source when SSI, proxy_pass, and proxy_buffering are configured off. An unauthenticated attacker with MITM control over upstream responses can trigger a heap buffer over-read in the nginx worker process, po...

8.3CVSS6.1AI score0.00387EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-56434 NGINX ngx_http_ssi_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...

8.3CVSS0.00387EPSS
Exploits0References1
CVE
CVE
added 4 days ago14 views

CVE-2026-13385

The CVE-2026-13385 entry affects certain ASUS router models. It covers an vulnerability path where an attacker can perform a remote MITM to cause the device to download and execute arbitrary commands via a spoofed server, due to improper validation of the integrity check value and improper certif...

9.5CVSS6.3AI score0.00103EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 4 days ago14 views

PT-2026-58872

Name of the Vulnerable Software and Affected Versions ASUS router models affected versions not specified Description Improper Validation of Integrity Check Value and Improper Certificate Validation allow a remote man-in-the-middle MITM user to force the router to download and execute arbitrary...

9.5CVSS6.3AI score0.00103EPSS
Exploits0References4
NVD
NVD
added 6 days ago8 views

CVE-2026-58065

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

8.1CVSS0.00461EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-43499

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

8.1CVSS6.1AI score0.00461EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-22093

The EVbee Service Android app uses TLS encrypted communication HTTPS, but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is...

9.5CVSS0.00203EPSS
Exploits0References1
Rows per page
Query Builder