Lucene search
K

1719 matches found

SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.10 views

SUSE CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

9.8CVSS6AI score0.00426EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 6:31 p.m.5 views

EUVD-2026-18394

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

9.8CVSS6AI score0.00426EPSS
Exploits0References3
OSV
OSV
added 2026/04/02 5:16 p.m.4 views

DEBIAN-CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

9.8CVSS5.8AI score0.00426EPSS
Exploits0References1
NVD
NVD
added 2026/04/02 5:16 p.m.3 views

CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

9.8CVSS0.00426EPSS
Exploits0References2
OSV
OSV
added 2026/04/02 5:16 p.m.6 views

UBUNTU-CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

9.8CVSS6AI score0.00426EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.6 views

PT-2026-29820

Name of the Vulnerable Software and Affected Versions Mbed TLS versions 2.19.0 through 3.6.5, Mbed TLS version 4.0.0 Description A flaw exists in Mbed TLS that, due to insufficient protection of serialized SSL context or session structures, could allow an attacker who can modify these structures ...

9.8CVSS6.2AI score0.00426EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2026/04/02 12:0 a.m.4 views

CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

9.8CVSS6AI score0.00426EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/02 12:0 a.m.4 views

CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

6AI score0.00426EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.8 views

Mbed TLS 安全漏洞

Mbed TLS is an open-source, portable, easy-to-use, readable, and flexible SSL library developed by Mbed TLS. Mbed TLS versions 3.6.5 and earlier, as well as version 4.0.0, have security vulnerabilities. These vulnerabilities stem from insufficient protection for serialized SSL contexts or session...

9.8CVSS6.1AI score0.00426EPSS
Exploits0References2
CVE
CVE
added 2026/04/02 12:0 a.m.25 views

CVE-2026-34877

CVE-2026-34877 concerns Mbed TLS: versions 2.19.0 through 3.6.5 and 4.0.0 have insufficient protection of serialized SSL context or session structures. An attacker who can modify serialized data may induce memory corruption, leading to arbitrary code execution due to the Incorrect Use of Privileg...

9.8CVSS6AI score0.00426EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/04/02 12:0 a.m.20 views

CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

0.00426EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.6 views

RTI Connext Professional 安全漏洞

RTI Connext Professional is a connectivity platform developed by RTI Corporation in the United States, specifically designed to meet the demanding requirements of Industrial Internet of Things IIoT. RTI Connext Professional has a security vulnerability that stems from improper restrictions on XML...

9.1CVSS5.8AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/30 10:18 a.m.5 views

CVE-2026-33993

A flaw was found in Locutus, a library that integrates standard libraries from other programming languages into JavaScript. The unserialize function, which converts serialized PHP data into JavaScript objects, fails to filter the proto key during deserialization. A remote attacker can exploit thi...

9.8CVSS5.9AI score0.00583EPSS
Exploits1References7
Snyk
Snyk
added 2026/03/29 3:13 p.m.7 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via /ui/api/query/«queryid» and /v1/query/«queryid» endpoints. An attacker can obtain sensitive credentials by accessing the serialized query JSON after performing wri...

7.7CVSS5.9AI score0.00196EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 5:29 p.m.3 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the data-trix-serialized-attributes attribute bypassing the DOMPurify sanitizer. An attacker can execute arbitrary JavaScript code within the user's session by...

5.4CVSS5.7AI score
Exploits0References2
OSV
OSV
added 2026/03/12 5:29 p.m.2 views

GHSA-QMPG-8XG6-PH5Q Trix has a Stored XSS vulnerability through serialized attributes

Impact The Trix editor, in versions prior to 2.1.17, is vulnerable to XSS attacks when a data-trix-serialized-attributes attribute bypasses the DOMPurify sanitizer. An attacker could craft HTML containing a data-trix-serialized-attributes attribute with a malicious payload that, when the content ...

4.6CVSS6AI score
Exploits0References6
Snyk
Snyk
added 2026/03/12 5:29 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the data-trix-serialized-attributes attribute bypassing the DOMPurify sanitizer. An attacker can execute arbitrary JavaScript code within the user's session by crafting HTML containing a malicious payload in...

5.4CVSS5.7AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/12 5:29 p.m.16 views

Trix has a Stored XSS vulnerability through serialized attributes

Impact The Trix editor, in versions prior to 2.1.17, is vulnerable to XSS attacks when a data-trix-serialized-attributes attribute bypasses the DOMPurify sanitizer. An attacker could craft HTML containing a data-trix-serialized-attributes attribute with a malicious payload that, when the content ...

6AI score
Exploits0References6Affected Software2
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/12 12:0 a.m.6 views

Trix has a Stored XSS vulnerability through serialized attributes

The Trix editor, in versions prior to 2.1.17, is vulnerable to XSS attacks when a data-trix-serialized-attributes attribute bypasses the DOMPurify sanitizer. An attacker could craft HTML containing a data-trix-serialized-attributes attribute with a malicious payload that, when the content is...

6AI score
Exploits0References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.5 views

NewStart CGSL MAIN 6.06 (SP) : p11-kit Multiple Vulnerabilities (NS-SA-2026-0024)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has p11-kit packages installed that are affected by multiple vulnerabilities: - An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit...

7.5CVSS6.1AI score0.03515EPSS
Exploits0References7
Rows per page
Query Builder