1719 matches found
SUSE CVE-2026-34877
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...
EUVD-2026-18394
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...
DEBIAN-CVE-2026-34877
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...
CVE-2026-34877
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...
UBUNTU-CVE-2026-34877
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...
PT-2026-29820
Name of the Vulnerable Software and Affected Versions Mbed TLS versions 2.19.0 through 3.6.5, Mbed TLS version 4.0.0 Description A flaw exists in Mbed TLS that, due to insufficient protection of serialized SSL context or session structures, could allow an attacker who can modify these structures ...
CVE-2026-34877
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...
CVE-2026-34877
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...
Mbed TLS 安全漏洞
Mbed TLS is an open-source, portable, easy-to-use, readable, and flexible SSL library developed by Mbed TLS. Mbed TLS versions 3.6.5 and earlier, as well as version 4.0.0, have security vulnerabilities. These vulnerabilities stem from insufficient protection for serialized SSL contexts or session...
CVE-2026-34877
CVE-2026-34877 concerns Mbed TLS: versions 2.19.0 through 3.6.5 and 4.0.0 have insufficient protection of serialized SSL context or session structures. An attacker who can modify serialized data may induce memory corruption, leading to arbitrary code execution due to the Incorrect Use of Privileg...
CVE-2026-34877
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...
RTI Connext Professional 安全漏洞
RTI Connext Professional is a connectivity platform developed by RTI Corporation in the United States, specifically designed to meet the demanding requirements of Industrial Internet of Things IIoT. RTI Connext Professional has a security vulnerability that stems from improper restrictions on XML...
CVE-2026-33993
A flaw was found in Locutus, a library that integrates standard libraries from other programming languages into JavaScript. The unserialize function, which converts serialized PHP data into JavaScript objects, fails to filter the proto key during deserialization. A remote attacker can exploit thi...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via /ui/api/query/«queryid» and /v1/query/«queryid» endpoints. An attacker can obtain sensitive credentials by accessing the serialized query JSON after performing wri...
Cross-site Scripting (XSS)
Overview org.webjars.npm:trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the data-trix-serialized-attributes attribute bypassing the DOMPurify sanitizer. An attacker can execute arbitrary JavaScript code within the user's session by...
GHSA-QMPG-8XG6-PH5Q Trix has a Stored XSS vulnerability through serialized attributes
Impact The Trix editor, in versions prior to 2.1.17, is vulnerable to XSS attacks when a data-trix-serialized-attributes attribute bypasses the DOMPurify sanitizer. An attacker could craft HTML containing a data-trix-serialized-attributes attribute with a malicious payload that, when the content ...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the data-trix-serialized-attributes attribute bypassing the DOMPurify sanitizer. An attacker can execute arbitrary JavaScript code within the user's session by crafting HTML containing a malicious payload in...
Trix has a Stored XSS vulnerability through serialized attributes
Impact The Trix editor, in versions prior to 2.1.17, is vulnerable to XSS attacks when a data-trix-serialized-attributes attribute bypasses the DOMPurify sanitizer. An attacker could craft HTML containing a data-trix-serialized-attributes attribute with a malicious payload that, when the content ...
Trix has a Stored XSS vulnerability through serialized attributes
The Trix editor, in versions prior to 2.1.17, is vulnerable to XSS attacks when a data-trix-serialized-attributes attribute bypasses the DOMPurify sanitizer. An attacker could craft HTML containing a data-trix-serialized-attributes attribute with a malicious payload that, when the content is...
NewStart CGSL MAIN 6.06 (SP) : p11-kit Multiple Vulnerabilities (NS-SA-2026-0024)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has p11-kit packages installed that are affected by multiple vulnerabilities: - An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit...