Lucene search
K

490 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-54919

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built with CPPHTTPLIBMBEDTLSSUPPORT or CPPHTTPLIBWOLFSSLSUPPORT and a...

7.4CVSS0.00264EPSS
Exploits0References3
CVE
CVE
added 4 days ago13 views

CVE-2026-54919

cpp-httplib on Mbed TLS and wolfSSL backends was vulnerable to a TLS certificate chain verification bypass for IP-literal hosts (affecting v0.31.0–0.46.1) when server verification was enabled; SSLClient/Client could skip chain validation and Mbed TLS WebSocketClient could skip verification. The i...

7.4CVSS6.9AI score0.00264EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2026/06/26 8:40 a.m.21 views

curl: mbedTLS / wolfSSL / rustls backends silently skip hostname verification when CURLOPT_SSL_VERIFYPEER=0

Summary When an application sets CURLOPTSSLVERIFYPEER=0 while keeping CURLOPTSSLVERIFYHOST=2 the default, the mbedTLS, wolfSSL, and rustls TLS backends silently skip the hostname-vs-certificate check. The OpenSSL, GnuTLS, and Schannel backends correctly preserve hostname checking under the same...

6.1AI score
Exploits0
OSV
OSV
added 2026/06/22 1:34 p.m.2 views

OPENSUSE-SU-2026:21144-1 Security update for mbedtls

This update for mbedtls fixes the following issues: Changes in mbedtls: - Update to 3.6.6 LTS maintenance update from 3.6.1; security fixes accumulated across the 3.6.2-3.6.6 releases: CVE-2024-49195 boo1231708: buffer underrun in pkwrite when writing an opaque key pair CVE-2025-27809 boo1240051:...

9.8CVSS6.4AI score0.0199EPSS
Exploits5References27
OSV
OSV
added 2026/06/22 1:8 p.m.3 views

OPENSUSE-SU-2026:21145-1 Security update for mbedtls-2

This update for mbedtls-2 fixes the following issues: Changes in mbedtls-2: - Enable SRTP and DTLS protocols needed by some software. - Update to version 2.28.10: Default behavior changes In TLS clients, if mbedtlssslsethostname has not been called, mbedtlssslhandshake now fails with...

5.4CVSS6AI score0.00274EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in mbedtls

The use of a broken or risky cryptographic algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS for all versions prior to 3.0.0, 2.27.0, or 2.16.11 allows attackers with access to precise timing and memory access information typically from an untrusted operating system attacking a...

4.7CVSS5.8AI score0.00163EPSS
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/03 12:0 a.m.8 views

Security update for ovmf (important)

openSUSE security update: security update for ovmf ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20875-1 Rating: important References: bsc1261469 bsc1261476 bsc1261477 bsc1261478 Cross-References: CVE-2026-25833 CVE-2026-25834 CVE-2026-25835...

8.7CVSS6AI score0.00308EPSS
Exploits0References4
OSV
OSV
added 2026/06/02 9:29 a.m.6 views

SUSE-SU-2026:21981-1 Security update for ovmf

This update for ovmf fixes the following issues: - CVE-2026-25833: mbedtls: buffer overflow in the x509inetptonipv6 function bsc1261476. - CVE-2026-25834: mbedtls: client accepts signature algorithm chosen by server even if not advertised in client hello bsc1261477. - CVE-2026-25835: mbedtls: no...

7.7CVSS6AI score0.00308EPSS
Exploits0References9
OSV
OSV
added 2026/06/02 9:29 a.m.9 views

OPENSUSE-SU-2026:20875-1 Security update for ovmf

This update for ovmf fixes the following issues: - CVE-2026-25833: mbedtls: buffer overflow in the x509inetptonipv6 function bsc1261476. - CVE-2026-25834: mbedtls: client accepts signature algorithm chosen by server even if not advertised in client hello bsc1261477. - CVE-2026-25835: mbedtls: no...

7.7CVSS6AI score0.00308EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in mbedtls

Mbed TLS versions before 3.0.1 have a double-free error under certain out-of-memory conditions, as demonstrated by a failure in the mbedtlssslsetsession function...

9.8CVSS8.3AI score0.02569EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in mbedtls

A issue was discovered in Mbed TLS before version 2.24.0 and before versions 2.16.8 LTS and 2.7.17 LTS. There is a lack of zeroization of plaintext buffers in mbedtlssslread, which is necessary to erase unused application data from memory...

7.5CVSS7.2AI score0.0155EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in mbedtls

Before version 2.16.5 of Arm Mbed TLS, attackers could obtain sensitive information an RSA private key by monitoring cache usage during an import process...

5.9CVSS6.3AI score0.0163EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.15 views

Astra Linux – Vulnerability in mbedtls

A vulnerability was discovered in Arm Mbed TLS before versions 2.16.6 and 2.7.x, prior to 2.7.15. An attacker who can obtain precise side-channel measurements can recover the long-term ECDSA private key by 1 reconstructing the projective coordinates of the result of scalar multiplication by...

4.7CVSS5.1AI score0.00247EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.10 views

SUSE SLES15 Security Update : ovmf (SUSE-SU-2026:1952-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1952-1 advisory. This update for ovmf fixes the following issues - CVE-2026-25833: mbedtls: buffer underflow in x509inetptonipv6 bsc1261476. -...

7.7CVSS6AI score0.00308EPSS
Exploits0References13
SUSE Linux
SUSE Linux
added 2026/05/18 7:52 a.m.9 views

Security update for ovmf

This update for ovmf fixes the following issues CVE-2026-25833: mbedtls: buffer underflow in x509inetptonipv6 bsc1261476. CVE-2026-25834: mbedtls: Algorithm downgrade vulnerability bsc1261477. CVE-2026-25835: mbedtls: PSA random generator cloning bsc1261478. CVE-2026-34874: mbedtls: NULL pointer...

8.7CVSS5.9AI score0.00308EPSS
Exploits0References16
Hacker One
Hacker One
added 2026/05/13 11:33 p.m.43 views

curl: TLS verifyhost bypass in rustls, mbedTLS, and wolfSSL when verifypeer=0

The now-well-known CURLOPTSSLVERIFYHOST-bypass-when-CURLOPTSSLVERIFYPEER=0 defect exists in three of curl's TLS backends: rustls EXPERIMENTAL, mbedTLS, and wolfSSL DNS hostnames only. The documented contract at docs/libcurl/opts/CURLOPTSSLVERIFYPEER.md:57-59: The check that the host name in the...

5.8CVSS6.5AI score0.04888EPSS
Exploits0
EUVD
EUVD
added 2026/05/11 5:52 a.m.60 views

EUVD-2026-29033

Zephyr sockets created with IPPROTOTLS13 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtlssslconfmintlsversion. The ClientHello advertises both versions and the peer can...

5.3CVSS5.8AI score0.00243EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/11 5:52 a.m.41 views

CVE-2026-1677 net: TLS 1.2 connections allowed on TLS 1.3 sockets

Zephyr sockets created with IPPROTOTLS13 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtlssslconfmintlsversion. The ClientHello advertises both versions and the peer can...

5.3CVSS0.00243EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Zephyr 安全漏洞

Zephyr is an open-source, scalable real-time operating system RTOS developed by Zephyr. There is a security vulnerability in Zephyr, which stems from the use of sockets created with IPPROTOTLS13. When both TLS versions are enabled, TLS 1.2 can still be negotiated, as the protocol selection at the...

5.3CVSS5.8AI score0.00243EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.25 views

PT-2026-39574

Zephyr sockets created with IPPROTO TLS 1 3 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtls ssl conf min tls version. The ClientHello advertises both versions and the...

5.3CVSS5.8AI score0.00243EPSS
Exploits1References2
Rows per page
Query Builder