37 matches found

Tenable Nessus
added 2026/06/06 12:0 a.m. | 9 views

EulerOS Virtualization 2.12.0 : curl (EulerOS-SA-2026-2097)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request. libcur...

CVSS 6.5 | AI score 5.6 | EPSS 0.00333
Exploits: 2 | References: 4

Debian CVE
added 2026/05/13 8:27 a.m. | 6 views

CVE-2026-5545

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid...

CVSS 6.5 | AI score 5.8 | EPSS 0.00414
Exploits: 1

OSV
added 2026/05/04 1:12 p.m. | 7 views

JLSEC-2026-436

libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

CVSS 6.5 | AI score 7 | EPSS 0.00259
Exploits: 0 | References: 2

Cvelist
added 2026/04/06 4:59 p.m. | 24 views

CVE-2026-35039 fast-jwt Affected by Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)

fast-jwt provides fast JSON Web Token JWT implementation. From 0.0.1 to before 6.2.0, setting up a custom cacheKeyBuilder method which does not properly create unique keys for different tokens can lead to cache collisions. This could cause tokens to be mis-identified during the verification proce...

CVSS 9.1 | EPSS 0.00212
Exploits: 0 | References: 2

CVE
added 2026/04/06 4:59 p.m. | 35 views

CVE-2026-35039

CVE-2026-35039 — fast-jwt cacheKeyBuilder collision leads to identity/authorization mixups Multiple connected sources describe a cache-confusion vulnerability in fast-jwt where a user-supplied cacheKeyBuilder can fail to produce unique keys for different tokens. When caching is enabled, two disti...

CVSS 9.1 | AI score 5.9 | EPSS 0.00212
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/04/06 4:59 p.m. | 3 views

CVE-2026-35039 fast-jwt Affected by Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)

fast-jwt provides fast JSON Web Token JWT implementation. From 0.0.1 to before 6.2.0, setting up a custom cacheKeyBuilder method which does not properly create unique keys for different tokens can lead to cache collisions. This could cause tokens to be mis-identified during the verification proce...

CVSS 9.1 | AI score 5.8 | EPSS 0.00212
Exploits: 0 | References: 2

Cvelist
added 2026/04/02 3:0 p.m. | 17 views

CVE-2026-33544 Tinyauth has OAuth account confusion via shared mutable state on singleton service instances

Tinyauth is an authentication and authorization server. Prior to version 5.0.5, all three OAuth service implementations GenericOAuthService, GithubOAuthService, GoogleOAuthService store PKCE verifiers and access tokens as mutable struct fields on singleton instances shared across all concurrent...

CVSS 7.7 | EPSS 0.00338
Exploits: 1 | References: 3

OSV
added 2026/04/01 7:52 p.m. | 1 views

GHSA-9Q5M-JFC4-WC92 Tinyauth has OAuth account confusion via shared mutable state on singleton service instances

Summary All three OAuth service implementations GenericOAuthService, GithubOAuthService, GoogleOAuthService store PKCE verifiers and access tokens as mutable struct fields on singleton instances shared across all concurrent requests. When two users initiate OAuth login for the same provider...

CVSS 7.7 | AI score 6 | EPSS 0.00338
Exploits: 1 | References: 5

RedhatCVE
added 2026/03/26 2:58 p.m. | 3 views

CVE-2026-4368

Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway SSL VPN, ICA Proxy, CVPN, RDP Proxy or AAA virtual server leading to User Session Mixup...

CVSS 7.7 | AI score 6 | EPSS 0.03618
Exploits: 0 | References: 1

Tenable Nessus
added 2026/03/26 12:0 a.m. | 2 views

NetScaler ADC and NetScaler Gateway Race Condition (CTX696300 / CVE-2026-4368)

The remote NetScaler ADC formerly Citrix ADC or NetScaler Gateway formerly Citrix Gateway device is version 14.1-66.54. It is, therefore, affected by a vulnerability: - Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway SSL VPN, ICA Proxy, CVPN, RDP Prox...

CVSS 7.7 | AI score 6.1 | EPSS 0.03618
Exploits: 0 | References: 2

EUVD
added 2026/03/23 9:30 p.m. | 8 views

EUVD-2026-14547

Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway SSL VPN, ICA Proxy, CVPN, RDP Proxy or AAA virtual server leading to User Session Mixup...

CVSS 7.7 | AI score 5.8 | EPSS 0.03618
Exploits: 0 | References: 2

NVD
added 2026/03/23 9:17 p.m. | 8 views

CVE-2026-4368

Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway SSL VPN, ICA Proxy, CVPN, RDP Proxy or AAA virtual server leading to User Session Mixup...

CVSS 7.7 | EPSS 0.03618
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/23 8:9 p.m. | 4 views

CVE-2026-4368 Race Condition leading to User Session Mixup

Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway SSL VPN, ICA Proxy, CVPN, RDP Proxy or AAA virtual server leading to User Session Mixup...

CVSS 7.7 | AI score 5.8 | EPSS 0.03618
Exploits: 0 | References: 1

CVE
added 2026/03/23 8:9 p.m. | 12 views

CVE-2026-4368

CVE-2026-4368 affects Citrix NetScaler ADC and NetScaler Gateway (14.1-66.54) with a race condition that can cause user session mixups when configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or an AAA vserver. The issue’s base score is 7.7 (HIGH) per CVSS v4.0. Remediation: upgrade t...

CVSS 7.7 | AI score 5.8 | EPSS 0.03618
Exploits: 0 | References: 1

Cvelist
added 2026/03/23 8:9 p.m. | 24 views

CVE-2026-4368 Race Condition leading to User Session Mixup

Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway SSL VPN, ICA Proxy, CVPN, RDP Proxy or AAA virtual server leading to User Session Mixup...

CVSS 7.7 | EPSS 0.03618
Exploits: 0 | References: 1

Tenable Nessus
added 2026/03/13 12:0 a.m. | 4 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : curl vulnerabilities (USN-8084-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8084-1 advisory. Zhicheng Chen discovered that curl could incorrectly reuse the wrong connection for Negotiate-authenticated HTTP or HTTPS requests...

CVSS 7.5 | AI score 7.1 | EPSS 0.00715
Exploits: 5 | References: 6

Debian CVE
added 2026/03/11 10:8 a.m. | 5 views

CVE-2026-1965

libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

CVSS 6.5 | AI score 7.2 | EPSS 0.00259
Exploits: 0

Vulnrichment
added 2026/03/11 10:8 a.m. | 4 views

CVE-2026-1965 bad reuse of HTTP Negotiate connection

libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

AI score 5.8 | EPSS 0.00259
Exploits: 0 | References: 2

CVE
added 2026/03/11 10:8 a.m. | 43 views

CVE-2026-1965

CVE-2026-1965 concerns a vulnerability in libcurl where, under Negotiate authentication, a live connection could be reused for a different user’s credentials. The issue arises because Negotiate sometimes authenticates connections rather than individual requests, allowing a second request to reuse...

CVSS 6.5 | AI score 5.8 | EPSS 0.00259
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2026/01/16 8:15 p.m. | 11 views

CVE-2026-23735

GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the...

CVSS 8.7 | EPSS 0.00465
Exploits: 0 | References: 4