Lucene search
+L

109 matches found

CVE
CVE
added 2 days ago8 views

CVE-2026-44434

Quicly (QUIC protocol implementation used with H2O HTTP server) was vulnerable to stateless reset injection before commit dccf5d4 due to lack of packet entry validation, allowing an on-path attacker to reset QUIC connections by exploiting zero-initialized secret-pattern slots. The issue has been ...

5.3CVSS6AI score0.00147EPSS
Exploits0References2
NVD
NVD
added 2 days ago6 views

CVE-2026-15925

Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 and 3.18.1 may have allowed a network-positioned attacker to bypass certificate hostname validation on HTTPS connections made by the connector. An attacker with on-path network access could exploit this b...

9.2CVSS0.00177EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-15925

Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 and 3.18.1 may have allowed a network-positioned attacker to bypass certificate hostname validation on HTTPS connections made by the connector. An attacker with on-path network access could exploit this b...

9.2CVSS6.2AI score0.00177EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-15925 Improper TLS Hostname Verification in Snowflake Connector for Python

Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 and 3.18.1 may have allowed a network-positioned attacker to bypass certificate hostname validation on HTTPS connections made by the connector. An attacker with on-path network access could exploit this b...

9.2CVSS0.00177EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-44869

Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 and 3.18.1 may have allowed a network-positioned attacker to bypass certificate hostname validation on HTTPS connections made by the connector. An attacker with on-path network access could exploit this b...

9.2CVSS6.2AI score0.00177EPSS
Exploits0References2
CVE
CVE
added 2 days ago23 views

CVE-2026-15925

The CVE-2026-15925 entry describes an Improper TLS hostname verification vulnerability in Snowflake Connector for Python and affects versions prior to 4.7.1. An on-path attacker who can intercept traffic could bypass hostname validation during HTTPS connections by presenting a certificate from an...

9.2CVSS6.2AI score0.00177EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-60425

Name of the Vulnerable Software and Affected Versions Snowflake Connector for Python versions prior to 4.7.1 Snowflake Connector for Python versions prior to 3.18.1 Description Improper TLS hostname verification allows a network-positioned attacker to bypass certificate hostname validation on HTT...

9.2CVSS6.2AI score0.00177EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-60600

Name of the Vulnerable Software and Affected Versions Quicly versions prior to commit dccf5d4 Description Quicly, an IETF QUIC protocol implementation used in the H2O HTTP server, is susceptible to stateless reset injection. The issue stems from a lack of packet entry validation when handling...

5.3CVSS6AI score0.00147EPSS
Exploits0References4
OSV
OSV
added 2026/07/08 12:26 a.m.6 views

CVE-2026-55436 Coder's AI Bridge Proxy skips TLS certificate verification in default configuration

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, the AI Bridge Proxy aibridgeproxyd created a goproxy server whose default transport set InsecureSkipVerify: true and only assigned a...

7.4CVSS6AI score0.00258EPSS
Exploits0References7
OSV
OSV
added 2026/06/23 9:59 p.m.6 views

GHSA-R6FJ-869H-4F6Q OHttpVersionChunkDraft: Missing Final-Chunk Enforcement Leads to Undetected Stream Truncation

The codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates. An on-path adversary the OHTTP relay itself, or any MITM on the relay↔gateway or relay↔client transport can forward a...

8.7CVSS5.9AI score0.00167EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-53090

Name of the Vulnerable Software and Affected Versions Nmap versions 7.0.0 through 7.99 Description An issue exists in the ipv6 get data primitive function libnetutil/netutil.cc where the IPv6 extension-header walk is not kept within the captured packet. This causes the pointer to advance past the...

6.9CVSS6.6AI score0.00278EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/22 2:33 a.m.37 views

CVE-2026-11745

A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories...

8.8CVSS0.00139EPSS
Exploits0References1
Veracode
Veracode
added 2026/06/16 7:10 p.m.11 views

Denial Of Service (DoS)

Netty is vulnerable to Denial of Service DoS. The vulnerability is due to exposure of QUIC stateless reset tokens through connection ID generation, which allows an on-path attacker to derive the token and send spoofed Stateless Reset packets to terminate active connections...

4.8CVSS5.2AI score0.00204EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/15 8:44 p.m.13 views

EUVD-2026-36462

Netty: QUIC stateless reset token material exposed through header-visible connection IDs...

4.8CVSS5.2AI score0.00204EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/15 8:44 p.m.16 views

Netty: QUIC stateless reset token material exposed through header-visible connection IDs

Summary Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the server's current source connection ID can be derived from bytes that appear as the connection ID in QUIC headers...

4.8CVSS5.4AI score0.00204EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48901

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.15.Final Description Netty QUIC exposes the stateless reset token on the network path when utilizing the default HMAC-based connection-ID and stateless-reset-token generators. Specifically, the...

4.8CVSS5.3AI score0.00204EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.10 views

openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

A flaw was found in OpenSSL's Cryptographic Message Services CMS AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity...

9.1CVSS5.4AI score0.00237EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/11 1:9 p.m.12 views

openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

A flaw was found in OpenSSL's Cryptographic Message Services CMS AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity...

9.1CVSS5.4AI score0.00237EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.11 views

CVE-2026-42312

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The option "general",...

6.8CVSS5.5AI score0.00174EPSS
Exploits1References1
NVD
NVD
added 2026/06/04 7:16 p.m.16 views

CVE-2026-48480

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates. An on-path adversar...

8.7CVSS0.00167EPSS
Exploits0References2
Rows per page
Query Builder