Lucene search
+L

1676 matches found

Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.11 views

PT-2026-7207

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP and ABAP Platform affected versions not specified Description An authenticated, low-privileged user can execute background Remote Function Calls without the necessary S RFC authorization in specific...

9.6CVSS5.9AI score0.00337EPSS
Exploits0References9
CVE
CVE
added 2026/02/06 7:20 p.m.66 views

CVE-2026-25727

CVE-2026-25727 affects the Rust time crate: versions 0.3.6 up to but not including 0.3.47 allow a denial-of-service via stack exhaustion when input parsed as RFC 2822. The vulnerability relies on deprecated RFC 2822 features; a recursion-depth limit was introduced in 0.3.47, which now returns an ...

6.8CVSS5.4AI score0.00291EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/05 5:57 p.m.4 views

time vulnerable to stack exhaustion Denial of Service attack

Impact When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,...

6.8CVSS5.3AI score0.00291EPSS
Exploits0References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/02 12:0 a.m.3 views

RHEL 7 : openssl (RHSA-2026:1720)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1720 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

7.5CVSS5.6AI score0.01744EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2026/01/29 12:0 a.m.209 views

📄 OpenSSL 3.x ASN.1 AES‑GCM Nonce Stack Corruption

This Metasploit auxiliary module generates a specially crafted CMS file encoded in DER format to test a stack-based buffer overflow vulnerability in OpenSSL's ASN.1 parser related to improper handling of oversized AES-GCM nonce IV values within AES-GCM-Parameters as defined in RFC 5084. The...

9.8CVSS6.3AI score0.47621EPSS
Exploits7
RedHat Linux
RedHat Linux
added 2026/01/28 9:21 a.m.5 views

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

7.5CVSS6AI score0.01744EPSS
Exploits0References4
OSV
OSV
added 2026/01/28 12:24 a.m.7 views

CVE-2026-24850 ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices

The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard ML-DSA. Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicat...

5.3CVSS5.9AI score0.00299EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.14 views

PT-2026-5048

The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard ML-DSA. Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicat...

5.3CVSS5.9AI score0.00299EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/01/19 11:17 a.m.11 views

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

7.5CVSS6AI score0.01744EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.16 views

SAP NetWeaver AS ABAP Missing Authorization Check (3688703)

The remote SAP NetWeaver ABAP server is affected by a authorization check vulnerability as referenced in the 3688703 advisory. - Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form...

8.1CVSS5.7AI score0.00228EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

RHEL 8 : openssl (RHSA-2026:0714)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0714 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

7.5CVSS6.6AI score0.01744EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2026/01/14 9:8 a.m.9 views

openssl security update

An update is available for openssl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transpo...

7.5CVSS6.9AI score0.01744EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/14 1:22 a.m.10 views

CVE-2026-0498

SAP S/4HANA Private Cloud and On-Premise allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability...

9.1CVSS7.4AI score0.00409EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/14 1:22 a.m.5 views

CVE-2026-0506

Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines FORMs in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs...

8.1CVSS7AI score0.00228EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.3 views

RockyLinux 8 : openssl (RLSA-2026:0337)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:0337 advisory. openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap CVE-2025-9230 Tenable has extracted the preceding description block directly from the RockyLinux securi...

7.5CVSS6.5AI score0.01744EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.8 views

MiracleLinux 8 : openssl-1.1.1k-14.el8_10 (AXSA:2026-025:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-025:02 advisory. openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap CVE-2025-9230 Tenable has extracted the preceding description block directly from the MiracleLinux...

7.5CVSS6.5AI score0.01744EPSS
Exploits0References2
Hacker One
Hacker One
added 2026/01/13 8:7 p.m.14 views

curl: IMAP Protocol Desynchronization and Response Smuggling via Naive Literal Parsing

libcurl incorrectly parses IMAP literals size even when they are embedded within quoted strings e.g., email subjects or headers. This behavior violates RFC 3501, which mandates that content inside double quotes must be treated as opaque text. This parsing error causes the client state machine to...

7AI score
Exploits0
Cvelist
Cvelist
added 2026/01/13 1:14 a.m.37 views

CVE-2026-0506 Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform

Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines FORMs in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs...

8.1CVSS0.00228EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.10 views

CVE-2023-40457

The BGP daemon in Extreme Networks ExtremeXOS aka EXOS 30.7.1.1 allows an attacker who is not on a directly connected network to cause a denial of service BGP session reset because of BGP attribute error mishandling for attribute 21 and 25. NOTE: the vendor disputes this because it is "evaluating...

6.9AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:32 a.m.13 views

CVE-2017-18924

oauth2-server aka node-oauth2-server through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid and not...

9.1CVSS7.2AI score0.0219EPSS
Exploits2References1
Rows per page
Query Builder