CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

143 matches found

curl: SMTP connection reuse ignores --ssl-reqd / CURLOPT_USE_SSL and reuses a clear-text STARTTLS session on current master

Summary: Current master reintroduces a STARTTLS connection-reuse bug in SMTP. After commit 91dcf4e610 url: urlmatchdestination fix, curl/libcurl can reuse an already-established clear-text smtp:// session for a later logical request that explicitly requires TLS via --ssl-reqd or CURLOPTUSESSL =...

5.8AI score

Exploits0

SUSE CVE•added 2026/05/15 2:19 a.m.•3 views

SUSE CVE-2016-9244

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer SSL session IDs from other sessions. It is possible...

7.5CVSS7AI score0.67474EPSS

Exploits6References3

IBM Security Bulletins•added 2026/03/23 1:58 p.m.•2 views

Security Bulletin: Security vulnerability in nginx affects IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in nginx affects IBM Robotic Process Automation for Cloud Pak. Nginx is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...

5.3CVSS6.8AI score0.02857EPSS

Exploits0Affected Software1

Tenable Nessus•added 2026/03/20 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-2646

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSLd2iSSLSESSION function. When deserializing session data with SESSIONCERTS enabled, certificate a...

8.1CVSS5.9AI score0.0004EPSS

Exploits0References3

OSV•added 2026/03/19 6:16 p.m.•0 views

DEBIAN-CVE-2026-2646

A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSLd2iSSLSESSION function. When deserializing session data with SESSIONCERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and...

8.1CVSS5.3AI score0.0004EPSS

Exploits0References1

Cvelist•added 2026/03/19 5:25 p.m.•15 views

CVE-2026-2646 Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function

5.8CVSS0.0004EPSS

Exploits0References2

Positive Technologies•added 2026/03/19 12:0 a.m.•0 views

PT-2026-26322

A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL d2i SSL SESSION function. When deserializing session data with SESSION CERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers...

5.8CVSS5.8AI score0.0004EPSS

Exploits0References6