Lucene search
+L

282 matches found

Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-56186 Windows Secure Channel Information Disclosure Vulnerability

...

8.1CVSS6.1AI score0.01102EPSS
Exploits0References1
CVE
CVE
added 3 days ago6 views

CVE-2026-56186

CVE-2026-56186 is a Windows Schannel vulnerability described as an out-of-bounds read that enables an authorized attacker to disclose information over a network. The CVE affects the Windows Schannel security component and is rated with CVSS v3.1 base score 8.1 (High) and NETWORK attack vector wit...

8.1CVSS6.1AI score0.01102EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago28 views

CVE-2026-56186 Windows Secure Channel Information Disclosure Vulnerability

...

8.1CVSS0.01102EPSS
Exploits0References1
CVE
CVE
added 3 days ago11 views

CVE-2026-50681

CVE-2026-50681 is a Windows Secure Channel information disclosure vulnerability in Windows Cryptographic Services. The available documents describe exposure of sensitive information to an unauthorized actor, allowing a locally authenticated attacker to disclose data. Connected sources confirm the...

5.5CVSS6AI score0.00469EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-50681 Windows Secure Channel Information Disclosure Vulnerability

...

5.5CVSS0.00469EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago5 views

CVE-2026-50681 Windows Secure Channel Information Disclosure Vulnerability

...

5.5CVSS6.1AI score0.00469EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago23 views

CVE-2026-44806 Windows Secure Channel Denial of Service Vulnerability

...

5.3CVSS0.00776EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-44806 Windows Secure Channel Denial of Service Vulnerability

...

5.3CVSS6.1AI score0.00776EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 3 days ago15 views

Windows Secure Channel Denial of Service Vulnerability

Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network...

7.5CVSS6.1AI score0.00776EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 3 days ago13 views

Windows Secure Channel Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally...

5.5CVSS6.1AI score0.00469EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 3 days ago6 views

Windows Secure Channel Information Disclosure Vulnerability

Out-of-bounds read in Windows Schannel allows an authorized attacker to disclose information over a network...

8.1CVSS6.1AI score0.01102EPSS
Exploits0
Kaspersky
Kaspersky
added 3 days ago4 views

KLA91153 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface. Below is a complete list of...

7.5AI score
Exploits0References432
Github Security Blog
Github Security Blog
added 2026/06/25 10:21 p.m.8 views

golang.org/x/crypto vulnerable to infinite loop on large channel writes

When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation...

9.1CVSS6AI score0.00466EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/06/19 8:47 p.m.9 views

Unprotected Transport of Credentials

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Unprotected Transport of Credentials through the...

9.1CVSS5.9AI score0.00175EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 3:9 p.m.14 views

Malicious code in token-prices-cron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10adc862166a2dbaf26f3dc56b4c1dfa0fd45e625f713380564d0b18fb07088d On npm install, the preinstall lifecycle script in postinstall.js enumerates process.env, filters keys matching a broad credential regex...

5.4AI score
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 9:57 a.m.42 views

CVE-2026-11860 Insecure Deserialisation via Plaintext HTTP leading to Remote Code Execution in Quick.CMS

Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization is performed without proper validation or class...

7.5CVSS0.00235EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.11 views

cve-2026-41714 - MEDIUM - In Spring AMQP the `RabbitConnectionFactoryBean.setUri("amqps://...")` bypasses secure SSL setup, uses `TrustEverythingTrustManager`

cve-2026-41714 - MEDIUM - In Spring AMQP the RabbitConnectionFactoryBean.setUri"amqps://..." bypasses secure SSL setup, uses TrustEverythingTrustManager...

4CVSS6.1AI score0.00132EPSS
Exploits0
OSV
OSV
added 2026/06/07 5:10 a.m.23 views

MGASA-2026-0179 Updated golang-x-crypto & golang-x-sys-devel packages fix security vulnerability

fixes a protocol weakness in the golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise the integrity of the secure channel before it was established, allowing them to prevent transmission of a number of messages immediately after the secure channel was established without...

5.9CVSS6.9AI score0.93305EPSS
Exploits4References5
Packet Storm News
Packet Storm News
added 2026/04/21 12:0 a.m.10 views

We Are Currently Clean on OPSEC: Why JD Can't Encrypt

We analyse the 2025 Signalgate leak of sensitive US military information by the Trump administration, addressing why confidentiality was violated messages leaked to the press in spite of encryption Signal, to deepen the socio-technical considerations when designing and deploying encryption. First...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/04/08 3:59 p.m.25 views

CVE-2026-4837 Eval Injection in Rapid7 Insight Agent

An eval injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS mTLS to verify commands from the Rapid7 Platform, it is...

6.6CVSS0.0041EPSS
Exploits0References1
Rows per page
Query Builder