Lucene search
K

2118 matches found

Nuclei
Nuclei
added 15 hours ago26 views

WAVLINK Quantum D4G (WL-WN531G3) - Information Disclosure

WAVLINK Quantum D4G WL-WN531G3 running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files. id: CVE-2022-44356 info: name: WAVLINK Quantum D4G WL-WN531G3 - Information Disclosur...

7.5CVSS7AI score0.02756EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/06 10:9 a.m.16 views

Security Bulletin: IBM Quantum Safe Explorer is affected by multiple vulnerabilites

Summary The vulnerabilities were found in dependent open source libraries used within IBM Quantum Safe Explorer code base. These issues have been addressed by updating the versions of affected libraries. Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client...

7.5CVSS6.3AI score0.00808EPSS
Exploits8Affected Software1
CVE
CVE
added 2026/07/06 8:24 a.m.22 views

CVE-2026-43867

The CVE concerns Apache Camel’s PQC component where AwsSecretsManagerKeyLifecycleManager.deserializeMetadata() Base64-decodes and deserializes persisted KeyMetadata via a raw java.io.ObjectInputStream.readObject() without an ObjectInputFilter or class allow-list. A user who can write to the confi...

9.8CVSS6.4AI score0.00691EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:24 a.m.7 views

CVE-2026-43867

Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata reads that metadata back from the...

6.4AI score0.00691EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-55886

☕ Apache Camel critical alert: CVE-2026-43867 hits the camel-pqc component. Post-quantum key metadata deserialized via ObjectInputStream with zero ObjectInputFilter — unauthenticated RCE risk at CVSS 9.8. Check your Camel builds now. AppSec Apache https://t.co/iaMBNrOfI0 https://t.co/mkIJ19Sd5Y...

9.8CVSS6AI score0.00691EPSS
Exploits1References3
OSV
OSV
added 2026/07/01 11:43 p.m.3 views

MINI-QVM8-9QC4-PHQ3

Bulletin has no description...

6.9CVSS6.5AI score0.00223EPSS
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/06/30 7:0 p.m.10 views

Accelerating the quantum-safe timeline

The quantum-safe timeline has changed For years, planning for post-quantum cryptography PQC was framed as a future problem: important, inevitable, but distant. That perspective is evolving as technology advances and organizations prepare for the scale and complexity of the transition ahead. At...

6AI score
Exploits0
FreeBSD
FreeBSD
added 2026/06/30 12:0 a.m.6 views

PostgresSQL JDBC -- Silent channel-binding authentication downgrade via unsupported certificate algorithms

PostgreSQL project reports: channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to guarantee. An attacker who can intercept the TLS connection...

8.2CVSS5.8AI score0.00236EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5591 FileBrowser Quantum: Path traversal in public share PATCH allows file ops outside shared directory in github.com/gtsteffaniak/filebrowser/backend

FileBrowser Quantum: Path traversal in public share PATCH allows file ops outside shared directory in github.com/gtsteffaniak/filebrowser/backend...

9.3CVSS5.8AI score0.00446EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 8:1 p.m.22 views

CVE-2026-7531 Use-after-free in PQC hybrid key-share handling

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

2.3CVSS0.00346EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 8:1 p.m.4 views

EUVD-2026-39554

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

6.5CVSS5.8AI score0.00346EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:1 p.m.6 views

CVE-2026-7531

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

2.3CVSS5.9AI score0.00346EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/25 8:1 p.m.20 views

CVE-2026-7531

CVE-2026-7531 describes a use-after-free in the handling of PQC hybrid key-shares for TLS 1.3. The issue occurs when a malicious server sends a truncated PQC hybrid KeyShare, which can trigger the error cleanup path to operate on freed memory. Documents consistently label this as an incomplete fi...

9.8CVSS5.9AI score0.00346EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 8:1 p.m.8 views

CVE-2026-7531

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

9.8CVSS5.8AI score0.00346EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/25 8:1 p.m.6 views

CVE-2026-7531

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

9.8CVSS5.8AI score0.00346EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 6:26 p.m.3 views

GO-2026-5089 FileBrowser Quantum: unauthenticated user share share info in github.com/gtsteffaniak/filebrowser

FileBrowser Quantum: unauthenticated user share share info in github.com/gtsteffaniak/filebrowser...

5.8AI score0.00052EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52577

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

9.8CVSS5.9AI score0.00346EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.7 views

openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group

A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the "DEFAULT" keyword. A less preferred key exchange may be used...

6.5CVSS5.8AI score0.00435EPSS
Exploits0References7
NVD
NVD
added 2026/06/16 8:16 p.m.12 views

CVE-2026-48777

FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields with the trusted...

9.3CVSS0.00446EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/16 6:40 p.m.47 views

CVE-2026-48777 FileBrowser Quantum: Path Traversal in public share PATCH allows file ops outside shared directory

FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields with the trusted...

9.3CVSS0.00446EPSS
Exploits0References3
Rows per page
Query Builder