22 matches found
EUVD-2026-39575
TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...
DEBIAN-CVE-2026-55962
TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...
OpenSSL TLS 1.3 server may choose unexpected key agreement group
...
CVE-2026-27589 Caddy vulnerable to cross-origin config application via local admin API /load (caddy)
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API default listen 127.0.0.1:2019 exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement is not enabled enforceorigin not...
Improper Validation of Syntactic Correctness of Input
Overview io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input of the request's Host header. An attacker can manipulate server behavior, potentially leading to cache...
PT-2026-2535
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel’s Network File System daemon NFSD related to handling Access Control Lists ACLs during NFSv4 file creation. Specifically, when an NFSv4 client attempt...
EUVD-2024-33579
Malicious code in bioql PyPI...
wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)
A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server...
wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)
A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server...
wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)
A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server...
Metasploit Wrap-Up 05/30/2025
The internet is a series of Tube SOCKS Metasploit has supported SOCKS proxies for years now, being able to both act as both a client by setting the Proxies datastore option and a server by running the auxiliary/server/socksproxy module. While Metasploit has supported both SOCKS versions 4a and 5,...
wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)
A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server...
GHSA-64GP-R758-8PFM Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment
A vulnerability was found in the WildFly management console. A user may perform cross-site scripting in the deployment system. An attacker or insider may execute a malicious payload which could trigger an undesired behavior against the server. Impact Cross-site scripting XSS vulnerability in the...
CVE-2024-10234 Wildfly: wildfly vulnerable to cross-site scripting (xss)
A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server...
jetty: Improper validation of HTTP/1 content-length
A flaw was found in Jetty that permits a plus sign + preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400...
GHSA-XVHG-W6QC-M3QQ Yaklang Plugin's Fuzztag Component Allows Unauthorized Local File Reading
Impact The Yak Engine has been found to contain a local file inclusion LFI vulnerability. This vulnerability allows attackers to include files from the server's local file system through the web application. When exploited, this can lead to the unintended exposure of sensitive data, potential...
Remote code execution
yaklang is a programming language designed for cybersecurity. The Yak Engine has been found to contain a local file inclusion LFI vulnerability. This vulnerability allows attackers to include files from the server's local file system through the web application. When exploited, this can lead to t...
HTTP Payload CRLF Injection
A CRLF Injection over HTTP payload vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to change the server's behavior...
CVE-2016-0923
The client in EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server...
Mail.ru: e.mail.ru: File upload "Chapito" circus
Начинаем пихать зиробайты в имя файла на загрузке и поведение сервера неадекватно. Пока ничего страшнее чем local path disclosure, но боюсь импакт больше чем кажется. В имени файла в примере "������t123123", в хексе "220000000000007431323331323322" POST...