Lucene search
+L

291 matches found

nvd
nvd
added 2 days ago2 views

CVE-2026-50694

Use after free in Windows Secure Socket Tunneling Protocol SSTP allows an unauthorized attacker to execute code over a network...

9.8CVSS0.00614EPSS
Exploits0References1
mscve
mscve
added 2 days ago4 views

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Use after free in Windows Secure Socket Tunneling Protocol SSTP allows an unauthorized attacker to execute code over a network...

9.8CVSS6.2AI score0.00614EPSS
Exploits0
ptsecurity
ptsecurity
added 2 days ago4 views

PT-2026-58214

Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description A use after free issue in the Windows Secure Socket Tunneling Protocol SSTP allows an unauthorized attacker to execute code over a network. Use after free is a memory corruption fla...

8.1CVSS6.2AI score0.00614EPSS
Exploits0References4
euvd
euvd
added 2026/07/09 5:10 p.m.7 views

EUVD-2026-42637

PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends...

7.5CVSS6AI score0.00229EPSS
Exploits0References2
redhat
redhat
added 2026/07/09 3:29 p.m.3 views

netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers

A flaw was found in the Netty HAProxy PROXY protocol v2 codec. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy PROXY protocol v2 header with nested PP2TYPESSL type-length-value TLV records. This can lead to a memory leak, causing the underlying cumulation...

8.7CVSS6.1AI score0.00606EPSS
Exploits0References7
osv
osv
added 2026/07/03 7:16 a.m.6 views

ALPINE-CVE-2026-9545

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS5.9AI score0.00408EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/07/02 11:7 p.m.10 views

CVE-2026-13079

A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows allows a local attacker to escalate their privileges to NT AUTHORITY\SYSTEM on the machine where the client is installed. This issue affects the Mobile VPN with SSL client for Windows up to and...

7.3CVSS5.8AI score0.00114EPSS
Exploits0References2Affected Software1
nessus
nessus
added 2026/06/02 12:0 a.m.17 views

Ubuntu 25.10 / 26.04 LTS : OpenJDK 26 vulnerabilities (USN-8341-1)

The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8341-1 advisory. Thomas Beckers discovered that the JAXP component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker...

7.5CVSS7.3AI score0.00702EPSS
Exploits0References10
osv
osv
added 2026/06/01 1:52 p.m.16 views

USN-8354-1 nginx vulnerabilities

It was discovered that nginx did not properly validate source addresses in the HTTP/3 QUIC module. A remote attacker could possibly use this issue to bypass authorization checks or rate limiting. This issue only affected Ubuntu 25.04 and Ubuntu 25.10. CVE-2026-40460 It was discovered that nginx...

9.2CVSS6AI score0.04261EPSS
Exploits3References6
packetstormnews
packetstormnews
added 2026/05/29 12:0 a.m.44 views

R+R: Reassessing Java Security API Misuse in Current LLMs: A Replication on JCA and JSSE APIs with External Security Knowledge

The misuse of Java security APIs is a serious security problem in software development. Research in 2024 has shown that this problem is widespread in LLM-generated code. However, it remains unclear whether this phenomenon persists in current models and how external security knowledge affects it...

5.9AI score
Exploits0
ubuntu
ubuntu
added 2026/05/28 11:45 a.m.27 views

USN-8331-1: OpenJDK 11 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 11 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

7.5CVSS7.2AI score0.00702EPSS
Exploits0
ubuntu
ubuntu
added 2026/05/28 11:38 a.m.34 views

USN-8330-1: OpenJDK 8 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 8 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the JSSE component of OpenJDK 8 d...

7.5CVSS7.2AI score0.00702EPSS
Exploits0
redos
redos
added 2026/05/24 12:0 a.m.61 views

ROS-20260524-73-0003

A vulnerability in the JSSE component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is associated with a breach of the data protection mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to...

5.3CVSS7.2AI score0.00305EPSS
Exploits0
redos
redos
added 2026/05/24 12:0 a.m.22 views

ROS-20260524-73-0002

A vulnerability in the JSSE component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is associated with a breach of the data protection mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to...

5.3CVSS7.2AI score0.00305EPSS
Exploits0
redos
redos
added 2026/05/24 12:0 a.m.18 views

ROS-20260524-73-0005

A vulnerability in the JSSE component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is associated with a breach of the data protection mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to...

5.3CVSS7.2AI score0.00305EPSS
Exploits0
cvelist
cvelist
added 2026/05/20 4:15 p.m.39 views

CVE-2026-20199

A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user. This vulnerability is due to insufficient validation of user-supplied input. An...

4.7CVSS0.00438EPSS
Exploits0References1
osv
osv
added 2026/05/08 5:44 a.m.6 views

BIT-JRE-2021-35578

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker...

5.3CVSS6.7AI score0.06218EPSS
Exploits0References11
osv
osv
added 2026/05/08 5:43 a.m.5 views

BIT-JRE-2020-2816

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability c...

7.5CVSS7.1AI score0.02698EPSS
Exploits0References6
osv
osv
added 2026/05/08 5:43 a.m.14 views

BIT-JRE-2020-2655

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this...

5.8CVSS6.8AI score0.03613EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/05/08 12:0 a.m.17 views

PT-2026-38743

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated...

4.3CVSS5.8AI score0.04104EPSS
Exploits0References12
Rows per page
Query Builder