31 matches found
CVE-2026-44640
NanoMQ MQTT Broker: NanoMQ is an all-around Edge Messaging Platform. Prior to 0.24.14, aio-provdata is stored as nniquicconn during dialing, but read as exquicconn during dialer close. This type confusion causes invalid object interpretation and leads to close-path hang/crash behavior. This...
CVE-2026-45182
GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let systemserver transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...
GHSA-6W86-WGWQ-RGQ8 neqo-qpack has integer overflow in qpack dynamic table indexing
Summary: An unsanitized qpack index can lead to an integer overflow, panicking in debug mode, accessing the wrong or no dynamic table entry in release mode. What does this mean for Firefox? Firefox runs Neqo in release mode. A malicious remote can cause its own QUIC connection to fail to use qpack,...
EUVD-2024-27332
Malicious code in bioql PyPI...
EUVD-2023-43053
Malicious code in bioql PyPI...
K000152723: Golang crypto/tls vulnerabilities CVE-2023-39321 and CVE-2023-39322
Security Advisory Description. CVE-2023-39321: Processing an incomplete post-handshake message for a QUIC connection can cause a panic. CVE-2023-39322: QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection...
CURL-CVE-2025-4947 QUIC certificate check skip with wolfSSL
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...
CURL-CVE-2025-5025 No QUIC certificate pinning with wolfSSL
libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...
CVE-2025-4947
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...
PT-2025-23062
Name of the Vulnerable Software and Affected Versions: libcurl (affected versions not specified). Description: The issue occurs when libcurl establishes a QUIC connection to a host specified as an IP address in the URL, resulting in the accidental skipping of certificate verification. This failure to...
Linux Distros Unpatched Vulnerability : CVE-2023-39321
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Processing an incomplete post-handshake message for a QUIC connection can cause a panic. CVE-2023-39321 Note that Nessus relies on the presence of the package a...
ROS-20241001-02
A vulnerability in the html/template package of the Golang programming language is related to incorrect handling of occurrences of <script>, <!--> and </script> in JS literals in <script> contexts. Exploiting the vulnerability could allow an attacker acting remotely to perform an...
RHEL 9 : golang (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 - Angle brackets are not...
RHEL 8 : golang (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: crypto/elliptic: incorrect operations on the P-224 curve CVE-2021-3114 - golang: html/template:...
Curl 8.6.0 < 8.7.0 QUIC Certificate Check Bypass (CVE-2024-2379)
The version of Curl installed on the remote host is between 8.6.0 and prior to 8.7.0. It is, therefore, affected by a certificate check bypass vulnerability. libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an...
DEBIAN-CVE-2024-2379
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems...
CURL-CVE-2024-2379 QUIC certificate check bypass with wolfSSL
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems...
CVE-2024-2379
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems...
Slackware Linux 15.0 / current curl Multiple Vulnerabilities (SSA:2024-087-01)
The version of curl installed on the remote host is prior to 8.7.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-087-01 advisory. - When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would...
PT-2024-2654
Name of the Vulnerable Software and Affected Versions: libcurl (affected versions not specified). Description: The issue is related to libcurl skipping certificate verification for a QUIC connection under certain conditions when built to use wolfSSL. If an unknown or bad cipher or curve is...