Lucene search
+L

3386 matches found

EUVD
EUVD
added 2026/06/25 7:31 p.m.9 views

EUVD-2026-39545

Un-negotiated Raw Public Key RFC 7250 accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer...

8.2CVSS5.8AI score0.00145EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 7:31 p.m.34 views

CVE-2026-55960 Un-negotiated Raw Public Key (RFC 7250) accepted in place of X.509, bypassing chain validation

Un-negotiated Raw Public Key RFC 7250 accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer...

8.2CVSS0.00145EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/25 7:31 p.m.9 views

CVE-2026-55960

Un-negotiated Raw Public Key RFC 7250 accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer...

8.2CVSS5.8AI score0.00145EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/25 7:31 p.m.6 views

CVE-2026-55960

Un-negotiated Raw Public Key RFC 7250 accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer...

8.2CVSS5.8AI score0.00145EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/25 7:31 p.m.29 views

CVE-2026-55960

The CVE-2026-55960 entry describes a vulnerability in wolfSSL builds that support Raw Public Key (RPK). Un-negotiated Raw Public Key (RFC 7250) could be accepted in place of an X.509 certificate by ParseCertRelative(), bypassing trust checks, because a raw public key has no chain. The fix/workaro...

8.2CVSS5.8AI score0.00145EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/25 7:31 p.m.8 views

CVE-2026-55960

Un-negotiated Raw Public Key RFC 7250 accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer...

8.2CVSS5.8AI score0.00145EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/25 3:26 p.m.9 views

CVE-2026-48940

A Joomla user with K2 "create item" rights Author tier by default can submit an article whose embedVideo POST field contains a raw tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page...

3.4CVSS5.8AI score0.00167EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 9:16 a.m.10 views

CVE-2026-53249

In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPTSSRR and IPOPTLSRR options This patch restricts setting Loose Source and Record Route LSRR and Strict Source and Record Route SSRR IP options to users with CAPNETRAW capability. This prevents unprivileged...

5.5CVSS0.00128EPSS
Exploits0References8
OSV
OSV
added 2026/06/25 8:39 a.m.3 views

CVE-2026-53249 ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options

In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPTSSRR and IPOPTLSRR options This patch restricts setting Loose Source and Record Route LSRR and Strict Source and Record Route SSRR IP options to users with CAPNETRAW capability. This prevents unprivileged...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/06/25 2:19 a.m.8 views

SUSE CVE-2026-56368

ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images, causing memory exhaustion and denial of service...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.14 views

PT-2026-52344

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description Unprivileged applications can set Loose Source and Record Route LSRR and Strict Source and Record Route SSRR IP options. This allows an attacker to force packets to route through...

5.5CVSS6.1AI score0.00128EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.15 views

PT-2026-52572

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where an un-negotiated Raw Public Key RPK, as defined in RFC 7250, is accepted instead of an X.509 certificate, allowing the bypass of chain...

8.2CVSS5.7AI score0.00145EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2026-53025

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - greybus: raw: fix use-after-free on cdev close This addresses a use-after-free bug when a raw bundle is disconnected but its chardev is still opened by an...

7.8CVSS6.1AI score0.00129EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53024

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - greybus: raw: fix use-after-free if write is called after disconnect If a user writes to the chardev after disconnect has been called, the kernel panics with th...

7.8CVSS6AI score0.00129EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 10:16 p.m.11 views

CVE-2026-49979

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

5.1CVSS0.00218EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/24 6:32 p.m.7 views

EUVD-2026-38892

In the Linux kernel, the following vulnerability has been resolved: greybus: raw: fix use-after-free if write is called after disconnect If a user writes to the chardev after disconnect has been called, the kernel panics with the following trace with CONFIGINITONFREEDEFAULTON=y: BUG: kernel NULL...

5.7AI score0.00129EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 6:32 p.m.7 views

EUVD-2026-38893

In the Linux kernel, the following vulnerability has been resolved: greybus: raw: fix use-after-free on cdev close This addresses a use-after-free bug when a raw bundle is disconnected but its chardev is still opened by an application. When the application releases the cdev, it causes the followi...

5.7AI score0.00129EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 5:17 p.m.6 views

CVE-2026-53024

In the Linux kernel, the following vulnerability has been resolved: greybus: raw: fix use-after-free if write is called after disconnect If a user writes to the chardev after disconnect has been called, the kernel panics with the following trace with CONFIGINITONFREEDEFAULTON=y: BUG: kernel NULL...

7.8CVSS0.00129EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 5:17 p.m.5 views

CVE-2026-53025

In the Linux kernel, the following vulnerability has been resolved: greybus: raw: fix use-after-free on cdev close This addresses a use-after-free bug when a raw bundle is disconnected but its chardev is still opened by an application. When the application releases the cdev, it causes the followi...

7.8CVSS0.00129EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 4:29 p.m.10 views

CVE-2026-53024

Summary: CVE-2026-53024 affects the Linux kernel Greybus raw subsystem. A use-after-free can occur when a user writes to a chardev after disconnect, because gb_connection_destroy frees the connection object during disconnect and a subsequent write may access that freed object, potentially trigger...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder