CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

103 matches found

CVE-2026-54275 AIOHTTP: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the serverhostname TLS SNI check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain, but with different per-request serverhostname...

6.9CVSS0.00254EPSS

Exploits0References1

Github Security Blog•added 2026/06/15 8:11 p.m.•9 views

aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections

Summary The serverhostname TLS SNI check can be bypassed when an existing connection is reused. Impact If an application makes multiple requests to the same domain, but with different per-request serverhostname parameters, then the later calls may succeed by reusing the existing connection when...

6.9CVSS5.3AI score0.00254EPSS

Exploits0References2Affected Software1

OSV•added 2026/06/15 8:11 p.m.•3 views

GHSA-4M7W-QMGQ-4WJ5 aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections

6.9CVSS5.4AI score0.00254EPSS

Exploits0References2

Positive Technologies•added 2026/06/15 12:0 a.m.•6 views

PT-2026-49589

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description The server hostname TLS SNI Server Name Indication check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain using different per-reque...

6.9CVSS5.8AI score0.00254EPSS

Exploits0References4

RedhatCVE•added 2026/06/11 8:59 a.m.•8 views

CVE-2026-35563

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...

8.8CVSS5.5AI score0.00182EPSS

Exploits0References1

CVE•added 2026/04/16 4:19 a.m.•10 views

CVE-2026-40118

CVE-2026-40118 involves Arcserve’s UDP Console. The issue is an incorrectly specified destination in a communication channel: if a user configures the activation server hostname to a dummy URL, the product may contact that dummy domain, potentially causing information disclosure. The provided doc...

6.3CVSS6.6AI score0.00178EPSS

Exploits0References2

Packet Storm•added 2026/02/06 12:0 a.m.•144 views

📄 WordPress TNC Toolbox 1.4.2 Information Disclosure

WordPress TNC Toolbox plugin versions 1.4.2 and below sensitive information disclosure proof of concept exploit. ============================================================================================================================================= | Title : WordPress TNC Toolbox = 1.4.2...

10CVSS5.3AI score0.00931EPSS

Exploits1

OSV•added 2025/12/08 2:15 a.m.•7 views

UBUNTU-CVE-2023-53751

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential use-after-free bugs in TCPServerInfo::hostname TCPServerInfo::hostname may be updated once or many times during reconnect, so protect its access outside reconnect path as well and then prevent any potential...

5.7AI score0.00156EPSS

Exploits0References7

OSV•added 2025/12/08 1:19 a.m.•2 views

CVE-2023-53751 cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname

6.5AI score0.00156EPSS

Exploits0References7

Tenable Nessus•added 2025/11/24 12:0 a.m.•1 views

Liferay Portal License Manager Detected

The target Liferay portal instance exposes information about the license state and the server. An unauthenticated attacked could leverage these information, such as server internal IP addresse and hostname, liferay version and license owner to conduct further attacks. No source data...

6.9AI score

Exploits0References1