Lucene search
K

365 matches found

EUVD
EUVD
added 2026/03/04 6:31 p.m.4 views

EUVD-2026-9413

A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of...

5.4CVSS5.8AI score0.00084EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/04 4:7 p.m.34 views

CVE-2026-23601 Frame Injection via Shared GTK Allows Traffic Spoofing and Client Compromise

A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of...

5.4CVSS0.00084EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/04 4:7 p.m.4 views

CVE-2026-23601 Frame Injection via Shared GTK Allows Traffic Spoofing and Client Compromise

A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of...

5.4CVSS5.8AI score0.00084EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.6 views

PT-2026-22941

Name of the Vulnerable Software and Affected Versions Wi-Fi affected versions not specified Description A security issue exists in how Wi-Fi handles wireless encryption during transmissions. An attacker can create specially crafted, authenticated transmissions that appear to come from a trusted...

5.4CVSS5.8AI score0.00084EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/03 8:7 p.m.2 views

Incorrect Calculation of Buffer Size

Overview Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via incorrect interpretation of the length prefix in the PSK extension field during TLS 1.3 handshakes. An attacker can exhaust server resources and cause service disruption by sending repeated...

6.3CVSS5.8AI score
Exploits0References2
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

Beetel 777VR1 信任管理问题漏洞

Beetel 777VR1 is a router produced by the Beetel company. Versions of Beetel 777VR1 starting from 01.00.09 and earlier have a vulnerability related to trust management. This vulnerability stems from hardcoded credentials used during the processing of the WPA2 PSK component...

3.1CVSS5.8AI score0.00259EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/18 2:32 a.m.3 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS7.1AI score0.01056EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/17 9:33 a.m.6 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS5.9AI score0.01056EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/17 12:48 a.m.7 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS7.1AI score0.01056EPSS
Exploits0References5
CVE
CVE
added 2026/02/14 3:9 p.m.27 views

CVE-2026-23125

CVE-2026-23125 (Linux kernel SCTP) : A null-pointer dereference in the SCTP transmit path could occur when SCTP-AUTH key initialization fails during INIT_ACK processing. The issue arises because SCTP_CMD_ASSOC_SHKEY is executed after PEER_INIT and can leave asoc->shkey NULL if key setup fails,...

5.5CVSS5.3AI score0.00114EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2026/02/14 3:9 p.m.5 views

CVE-2026-23125

In the Linux kernel, the following vulnerability has been resolved: sctp: move SCTPCMDASSOCSHKEY right after SCTPCMDPEERINIT A null-ptr-deref was reported in the SCTP transmit path when SCTP-AUTH key initialization fails: ================================================================== KASAN:...

5.5CVSS5.2AI score0.00114EPSS
Exploits0
OSV
OSV
added 2026/02/10 10:17 p.m.5 views

UBUNTU-CVE-2026-26007

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey and loadpempublickey functions do not verify that the...

8.2CVSS6.9AI score0.00341EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/02/10 12:54 p.m.3 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS5.9AI score0.01056EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/09 2:51 p.m.7 views

CVE-2026-1584

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key PSK binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and...

7.5CVSS5.2AI score0.01382EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/06 12:30 a.m.5 views

EUVD-2026-5525

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...

3.2CVSS5.4AI score0.00106EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/02/05 4:3 p.m.5 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS5.9AI score0.01056EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/05 4:3 p.m.5 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS5.9AI score0.01056EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/30 9:23 p.m.8 views

CVE-2025-62514

Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, libparseccrypto, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means ...

8.3CVSS5.9AI score0.0026EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/01/28 4:21 p.m.12 views

Clatter has a PSK Validity Rule Violation issue

Impact Protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule Noise Protocol Framework Section 9.3. This could allow PSK-derived keys to be used for encryption without proper randomization by self-chosen ephemeral randomness,...

9.3CVSS5.8AI score0.00122EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.9 views

Clatter encryption issue vulnerabilities

Clatter is a Rust library developed by Joni Lepistö. Versions of Clatter prior to 2.2.0 had an encryption-related vulnerability. This vulnerability stemmed from a handshake mode that allowed violations of PSK validity rules, potentially leading to key reuse...

9.3CVSS5.8AI score0.00122EPSS
Exploits0References3
Rows per page
Query Builder