Lucene search
K

1819 matches found

OSV
OSV
added 2026/06/01 7:45 a.m.5 views

SUSE-SU-2026:2197-1 Security update for strongswan

This update for strongswan fixes the following issues: - CVE-2026-35328: infinite loop when handling supported versions TLS extension bsc1261712. - CVE-2026-35329: null pointer dereference when processing padding in PKCS7 bsc1261717. - CVE-2026-35330: integer underflow when handling EAP-SIM/AKA...

5.8AI score
Exploits6References13
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.72 views

📄 strongSwan 5.9.13 Denial of Service

strongSwan version 5.9.13 suffers from a denial of service vulnerability. Exploit Title: strongSwan 5.9.13 - DoS Date: 2026-05-13 Exploit Author: Lukas Johannes Moeller Vendor Homepage: https://www.strongswan.org/ Software Link: https://download.strongswan.org/strongswan-5.9.13.tar.bz2 Version:...

5.8AI score
Exploits3
Exploit DB
Exploit DB
added 2026/05/29 12:0 a.m.77 views

strongSwan 5.9.13 - DoS

Exploit Title: strongSwan 5.9.13 - DoS Date: 2026-05-13 Exploit Author: Lukas Johannes Moeller Vendor Homepage: https://www.strongswan.org/ Software Link: https://download.strongswan.org/strongswan-5.9.13.tar.bz2 Version: strongSwan next never advances and the per-attribute length computation...

5.8AI score
Exploits3
Packet Storm News
Packet Storm News
added 2026/05/28 12:0 a.m.14 views

Strengthening Polymorphic Prompt Assembling: Dynamic Separator Generation against Emerging Prompt Injection Attacks

Polymorphic Prompt Assembling PPA defends LLM agents against prompt injections by randomly selecting separator pairs from a fixed pool to isolate user input from system instructions. Although effective, static pool reuse exposes a blast-radius vulnerability: once a separator leaks, it can be...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/22 2:59 p.m.8 views

CLSA-2026-1779461988 krb5: Fix of 3 CVEs

CVE-2024-3596: generate and verify Message-Authenticator MACs in libkrad to mitigate the BlastRADIUS attack on the RADIUS protocol; includes follow-up fix for uninitialized pointer dereference in kradpacketdecoderequest - CVE-2024-37370: prevent modification of Extra Count field in GSS krb5 wrap...

9.1CVSS6AI score0.14859EPSS
Exploits2References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in krb5

The RADIUS protocol, as described in RFC 2865, is vulnerable to forgery attacks by local attackers who can modify any valid response—whether an Access-Accept, Access-Reject, or Access-Challenge response—into any other response, using a chosen-prefix collision attack against the MD5 Response...

9CVSS7.8AI score0.14859EPSS
Exploits2References2
vulnersOsv
vulnersOsv
added 2026/05/19 9:31 a.m.8 views

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +174 more potentially affected by CVE-2026-8830 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.6.2)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...

4.3CVSS5.4AI score0.00392EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.10 views

SUSE SLES12 Security Update : strongswan (SUSE-SU-2026:1762-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1762-1 advisory. - CVE-2026-35329: NULL pointer dereference when processing padding in PKCS7 bsc1261717. - CVE-2026-35330: integer underflow when handling...

5.8AI score
Exploits6References19
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.14 views

openSUSE 16 Security Update : strongswan (openSUSE-SU-2026:20678-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20678-1 advisory. Update to version 6.0.6 jscPED-16145. Security issued fixed: - CVE-2026-35328: infinite loop when handling supported versions TLS extension...

6AI score
Exploits6References21
Packet Storm News
Packet Storm News
added 2026/05/09 12:0 a.m.20 views

AI Native Asset Intelligence

Modern security environments generate fragmented signals across cloud resources, identities, configurations, and third-party security tools. Although AI-native security assistants improve access to this data, they remain largely reactive: users must ask the right questions and interpret...

5.8AI score
Exploits0
SUSE Linux
SUSE Linux
added 2026/05/08 8:58 a.m.8 views

Security update for strongswan

This update for strongswan fixes the following issues: CVE-2026-35329: NULL pointer dereference when processing padding in PKCS7 bsc1261717. CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes bsc1261705. CVE-2026-35331: acceptance of certificates violating X.509 name constrain...

9.2CVSS5.8AI score
Exploits6References24
OSV
OSV
added 2026/05/08 8:58 a.m.6 views

SUSE-SU-2026:1762-1 Security update for strongswan

This update for strongswan fixes the following issues: - CVE-2026-35329: NULL pointer dereference when processing padding in PKCS7 bsc1261717. - CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes bsc1261705. - CVE-2026-35331: acceptance of certificates violating X.509 name...

5.8AI score
Exploits6References13
EUVD
EUVD
added 2026/05/06 6:30 p.m.12 views

EUVD-2026-27862

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 5:16 p.m.8 views

CVE-2026-20193

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...

4.3CVSS0.00221EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 4:15 p.m.8 views

CVE-2026-20193

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/06 4:15 p.m.25 views

CVE-2026-20193

Cisco Identity Services Engine (ISE) is affected by CVE-2026-20193 due to improper RBAC on the RADIUS Policy API endpoints. An authenticated, remote attacker with read-only Administrator privileges could bypass the web UI and call an affected endpoint to gain unauthorized read access to sensitive...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/06 4:15 p.m.37 views

CVE-2026-20193 Cisco Identity Services Engine Authentication Bypass Vulnerability

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...

4.3CVSS0.00221EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/06 4:15 p.m.7 views

CVE-2026-20193 Cisco Identity Services Engine Authentication Bypass Vulnerability

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.15 views

PT-2026-37657

Name of the Vulnerable Software and Affected Versions Cisco ISE affected versions not specified Description Improper role-based access control RBAC permissions on the RADIUS Policy API endpoints allow an authenticated remote attacker with read-only Administrator privileges to gain unauthorized re...

4.3CVSS5.9AI score0.00221EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.10 views

Cisco ISE 安全漏洞

Cisco ISE is a NAC solution developed by the American company Cisco. It is used to manage access to network resources for endpoints, users, and devices in a zero-trust architecture. Cisco ISE has a security vulnerability that stems from improper role-based access control permissions on the RADIUS...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References1
Rows per page
Query Builder