282 matches found
CVE-2026-56186 Windows Secure Channel Information Disclosure Vulnerability
...
CVE-2026-56186
CVE-2026-56186 is a Windows Schannel vulnerability described as an out-of-bounds read that enables an authorized attacker to disclose information over a network. The CVE affects the Windows Schannel security component and is rated with CVSS v3.1 base score 8.1 (High) and NETWORK attack vector wit...
CVE-2026-56186 Windows Secure Channel Information Disclosure Vulnerability
...
CVE-2026-50681
CVE-2026-50681 is a Windows Secure Channel information disclosure vulnerability in Windows Cryptographic Services. The available documents describe exposure of sensitive information to an unauthorized actor, allowing a locally authenticated attacker to disclose data. Connected sources confirm the...
CVE-2026-50681 Windows Secure Channel Information Disclosure Vulnerability
...
CVE-2026-50681 Windows Secure Channel Information Disclosure Vulnerability
...
CVE-2026-44806 Windows Secure Channel Denial of Service Vulnerability
...
CVE-2026-44806 Windows Secure Channel Denial of Service Vulnerability
...
Windows Secure Channel Denial of Service Vulnerability
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network...
Windows Secure Channel Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally...
Windows Secure Channel Information Disclosure Vulnerability
Out-of-bounds read in Windows Schannel allows an authorized attacker to disclose information over a network...
KLA91153 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface. Below is a complete list of...
golang.org/x/crypto vulnerable to infinite loop on large channel writes
When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation...
Unprotected Transport of Credentials
Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Unprotected Transport of Credentials through the...
Malicious code in token-prices-cron (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10adc862166a2dbaf26f3dc56b4c1dfa0fd45e625f713380564d0b18fb07088d On npm install, the preinstall lifecycle script in postinstall.js enumerates process.env, filters keys matching a broad credential regex...
CVE-2026-11860 Insecure Deserialisation via Plaintext HTTP leading to Remote Code Execution in Quick.CMS
Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization is performed without proper validation or class...
cve-2026-41714 - MEDIUM - In Spring AMQP the `RabbitConnectionFactoryBean.setUri("amqps://...")` bypasses secure SSL setup, uses `TrustEverythingTrustManager`
cve-2026-41714 - MEDIUM - In Spring AMQP the RabbitConnectionFactoryBean.setUri"amqps://..." bypasses secure SSL setup, uses TrustEverythingTrustManager...
MGASA-2026-0179 Updated golang-x-crypto & golang-x-sys-devel packages fix security vulnerability
fixes a protocol weakness in the golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise the integrity of the secure channel before it was established, allowing them to prevent transmission of a number of messages immediately after the secure channel was established without...
We Are Currently Clean on OPSEC: Why JD Can't Encrypt
We analyse the 2025 Signalgate leak of sensitive US military information by the Trump administration, addressing why confidentiality was violated messages leaked to the press in spite of encryption Signal, to deepen the socio-technical considerations when designing and deploying encryption. First...
CVE-2026-4837 Eval Injection in Rapid7 Insight Agent
An eval injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS mTLS to verify commands from the Rapid7 Platform, it is...