
6 matches found

RedHat Linux
added 2026/06/03 8:19 a.m. | 11 views

crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

CVSS 10 | AI score 6.8 | EPSS 0.00765
Exploits 1 | References 8

Tenable Nessus
added 2026/03/13 12:00 a.m. | 6 views

TencentOS Server 3: go-toolset:rhel8 (TSSA-2026:0170)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0170 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 10 | AI score 6 | EPSS 0.00765
Exploits 2 | References 5

OSV
added 2026/02/05 6:16 p.m. | 12 views

AZL-76665 CVE-2025-68121 affecting package msft-golang for versions less than 1.24.12-1

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

CVSS 10 | AI score 6.7 | EPSS 0.00765
Exploits 1 | References 1

AlmaLinux
added 2025/09/02 12:00 a.m. | 7 views

Moderate: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252); httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption...

CVSS 9.1 | AI score 6.9 | EPSS 0.0097
Exploits 1 | References 8

RedHat Linux
added 2020/06/22 6:47 a.m. | 0 views

gnutls: session resumption works without master key allowing MITM

A flaw was found in GnuTLS, in versions starting from 3.6.4, where it does not session the ticket encryption key in a secure fashion by the application which is connecting. This flaw allows an attacker to craft a man-in-the-middle attack, with the ability to bypass the TLS 1.3 authentication and...

CVSS 7.4 | AI score 7.1 | EPSS 0.17507
Exploits 3 | References 5

RedHat Linux
added 2017/06/28 5:08 a.m. | 7 views

freeradius: TLS resumption authentication bypass

An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handled TLS session resumption. A remote unauthenticated attacker could potentially use this flaw to bypass the inner authentication check in FreeRADIUS by resuming an older unauthenticated TLS session...

CVSS 9.8 | AI score 5.8 | EPSS 0.03914
Exploits 0 | References 4