Lucene search
+L

1516 matches found

nessus
nessus
added 2026/07/10 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-59818

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls t...

8.1CVSS6.1AI score0.00319EPSS
Exploits0References3
euvd
euvd
added 2026/07/09 10:27 p.m.8 views

EUVD-2026-42748

Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link t...

6AI score0.0029EPSS
Exploits0References3
cve
cve
added 2026/07/09 10:27 p.m.12 views

CVE-2026-57501

Summary: CVE-2026-57501 affects Zen, a Firefox-based browser. Before version 1.21.5b, the contextual actions “Open link in glance” and “Split link in new tab” could load a page-controlled link URL with the System principal rather than the originating page’s principal, allowing a malicious page to...

6AI score0.0029EPSS
Exploits0References3
osv
osv
added 2026/07/09 10:27 p.m.3 views

CVE-2026-57501 Zen: Context-menu "Open link in glance" / "Split link in new tab" loads a page-controlled link with the System principal, bypassing the web-content scheme restriction

Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link t...

6.1AI score0.0029EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/07/09 12:0 a.m.7 views

PT-2026-57005

Name of the Vulnerable Software and Affected Versions Zen versions prior to 1.21.5b Description In the glance and split-view context-menu actions, specifically Open link in glance and Split link in new tab, the browser loads a page-controlled link URL using the System principal instead of the...

6.1AI score0.0029EPSS
Exploits0References5
osv
osv
added 2026/07/08 9:16 p.m.3 views

DEBIAN-CVE-2026-59818

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-crl-file Certificate Revocation List is not enforced on the...

8.1CVSS6.1AI score0.00319EPSS
Exploits0References1
nvd
nvd
added 2026/07/08 9:16 p.m.9 views

CVE-2026-59818

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-crl-file Certificate Revocation List is not enforced on the...

8.1CVSS0.00319EPSS
Exploits0References9
osv
osv
added 2026/07/08 9:16 p.m.3 views

UBUNTU-CVE-2026-59818

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-crl-file Certificate Revocation List is not enforced on the...

8.1CVSS6.1AI score0.00319EPSS
Exploits0References11
alpinelinux
alpinelinux
added 2026/07/08 9:0 p.m.4 views

CVE-2026-59818

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-crl-file Certificate Revocation List is not enforced on the...

8.1CVSS6.1AI score0.00319EPSS
Exploits0References9
debiancve
debiancve
added 2026/07/08 9:0 p.m.6 views

CVE-2026-59818

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-crl-file Certificate Revocation List is not enforced on the...

8.1CVSS6.1AI score0.00319EPSS
Exploits0
cve
cve
added 2026/07/08 9:0 p.m.10 views

CVE-2026-59818

CVE-2026-59818 affects etcd (distributed key-value store). Prior to versions 3.5.32 and 3.6.13, when etcd uses separate HTTP and gRPC client listeners, the --client-crl-file CRL is not enforced on the gRPC listener, letting a revoked-certificate client authenticate over gRPC. The issue is fixed i...

8.1CVSS6AI score0.00319EPSS
Exploits0References9Affected Software1
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.9 views

PT-2026-56612

Name of the Vulnerable Software and Affected Versions etcd versions prior to 3.5.32 etcd versions prior to 3.6.13 Description etcd is a distributed key-value store for the data of a distributed system. When configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto...

8.1CVSS6.1AI score0.00319EPSS
Exploits0References15
osv
osv
added 2026/07/07 4:3 p.m.7 views

PYSEC-2026-1200 Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)

Summary Authlib’s JWS verification accepts tokens that declare unknown critical header parameters crit, violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical header for example, bork or cnf that strict verifiers reject but Authlib accepts. In...

7.5CVSS6AI score0.00244EPSS
Exploits1References7
osv
osv
added 2026/07/03 11:5 a.m.3 views

OPENSUSE-SU-2026:21225-1 Security update for rmt-server

This update for rmt-server fixes the following issue Update to 3.0.0: - CVE-2026-42256: net-imap: hostile server can perform a DoS on client authenticating a connection with SCRAM-SHA1 or SCRAM-SHA2 bsc1265369. Changes for rmt-server: - Version 3.0.0 Security fix: Remove unused...

6.5CVSS6AI score0.00299EPSS
Exploits0References12
euvd
euvd
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40641

Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00262EPSS
Exploits0References3
nvd
nvd
added 2026/06/30 11:17 p.m.5 views

CVE-2026-14072

Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.0019EPSS
Exploits0References2
nvd
nvd
added 2026/06/30 11:17 p.m.5 views

CVE-2026-14026

Incorrect security UI in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.2CVSS0.00154EPSS
Exploits0References2
osv
osv
added 2026/06/30 11:17 p.m.3 views

DEBIAN-CVE-2026-13953

Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/30 10:39 p.m.29 views

CVE-2026-14072

Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

0.0019EPSS
Exploits0References2
debiancve
debiancve
added 2026/06/30 10:38 p.m.9 views

CVE-2026-13953

Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00262EPSS
Exploits0
Rows per page
Query Builder