Lucene search
K

91397 matches found

Nuclei
Nuclei
added yesterday55 views

Fortinet FortiOS < 5.6.0 - Cross-Site Scripting

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. id: CVE-2017-3133 info: name: Fortinet FortiOS 5.6.0 - Cross-Site Scripting author: ritikchaddha severity:...

6.1CVSS6.5AI score0.10677EPSS
Exploits5References2
Nuclei
Nuclei
added yesterday39 views

Fortinet FortiOS <=5.2.3 - Cross-Site Scripting

Fortinet FortiOS 5.2.x before 5.2.3 contains a cross-site scripting vulnerability in the SSL VPN login page which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. id: CVE-2015-1880 info: name: Fortinet FortiOS =5.2.3 - Cross-Site Scripting author: pikpikcu...

4.3CVSS6.3AI score0.14255EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday70 views

Really Simple Security < 9.1.2 - Authentication Bypass

The Really Simple Security Free, Pro, and Pro Multisite plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'checkloginandgetuser' function. This makes it possible...

9.8CVSS6.8AI score0.81722EPSS
Exploits21References7
Nuclei
Nuclei
added yesterday67 views

Fortinet FortiOS - Cross-Site Scripting

Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal are vulnerable to cross-site scripting and allows attacker to execute unauthorized malicious script code via the error or message handling parameters. id: CVE-2018-13380 info: name:...

6.1CVSS6.4AI score0.62474EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-13462 PayRange for Android, version 7.0.7, contains an SSL bypass vulnerability

PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends...

0.00229EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 5 days ago3 views

netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message

A flaw was found in netty-codec-haproxy, a component of the Netty network application framework. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy message with a malformed PP2TYPESSL TLV Type-Length-Value header. This can lead to an IndexOutOfBoundsException...

7.5CVSS5.9AI score0.00594EPSS
Exploits0References7
Nuclei
Nuclei
added last week18 views

FortiClient EMS - Authentication Bypass

Detects whether Fortinet hotfix FG-IR-26-099 for CVE-2026-35616 is missing by comparing behavioral responses from a certificate-authenticated endpoint. The template sends X-SSL-CLIENT-VERIFY: SUCCESS without certificate material and checks whether this spoofed header changes server behavior. id:...

9.8CVSS7.4AI score0.88505EPSS
Exploits8References2
OSV
OSV
added last week4 views

PYSEC-2026-1452 Home Assistant does not correctly validate SSL for outgoing requests in core and used libs

Summary Problem: Potential man-in-the-middle attacks due to missing SSL certificate verification in the project codebase and used third-party libraries. Details In the past, aiohttp-session/request had the parameter verifyssl to control SSL certificate verification. This was a boolean value. In...

7CVSS6AI score0.00229EPSS
Exploits0References6
Debian
Debian
added 2026/07/04 12:44 p.m.7 views

[SECURITY] [DSA 6377-1] php8.4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6377-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 04, 2026 https://www.debian.org/security/faq -...

5.6CVSS6.1AI score0.00306EPSS
Exploits0
NVD
NVD
added 2026/07/03 9:16 p.m.6 views

CVE-2026-14355

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS0.00306EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/03 10:16 a.m.9 views

CVE-2026-55952

A flaw was found in Erlang/OTP's SSL Secure Sockets Layer application. An unauthenticated remote attacker can send a specially crafted ClientHello message to a TLS 1.3 server with session tickets enabled. This can permanently disrupt the server's ability to handle session tickets, leading to a...

8.2CVSS6AI score0.00487EPSS
Exploits0References10
Snyk
Snyk
added 2026/07/03 8:18 a.m.6 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation when the CURLOPTSSLSESSIONIDCACHE is enabled and the CURLSSLOPTEARLYDATA option is set in CURLOPTSSLOPTIONS. An attacker can intercept and obtain sensitive information by impersonating a server and...

8.3CVSS6AI score0.00408EPSS
Exploits1References2
CVE
CVE
added 2026/07/03 6:17 a.m.22 views

CVE-2026-9545

CVE-2026-9545 affects curl/libcurl when using HTTP/3 with early data and a cached SSL session. If a site is replaced by an attacker’s impostor on a second transfer, and early data is enabled while the SSL session cache is not disabled, curl may send the second request’s bytes before certificate v...

7.5CVSS5.9AI score0.00408EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/07/03 6:17 a.m.8 views

CVE-2026-9545

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS5.9AI score0.00408EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/02 11:7 p.m.47 views

CVE-2026-13079 WatchGuard Mobile VPN with SSL Windows Client Local Privilege Escalation

A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows allows a local attacker to escalate their privileges to NT AUTHORITY\SYSTEM on the machine where the client is installed. This issue affects the Mobile VPN with SSL client for Windows up to and...

7.3CVSS0.00114EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:7 p.m.30 views

CVE-2026-13079

CVE-2026-13079 describes a local privilege escalation in the WatchGuard Mobile VPN with SSL client for Windows . The issue allows a local attacker to escalate to NT AUTHORITY\SYSTEM on the machine hosting the Windows client. Affected scope includes the Windows client versions up to and including ...

7.8CVSS5.8AI score0.00114EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/02 5:17 p.m.7 views

CVE-2026-55952

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS0.00487EPSS
Exploits0References7
NVD
NVD
added 2026/07/02 5:17 p.m.8 views

CVE-2026-54887

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtlsserverconnection:initialhello/3 initializes previouscookiesecret to the empty...

6.3CVSS0.00243EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 5:17 p.m.6 views

UBUNTU-CVE-2026-54887

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtlsserverconnection:initialhello/3 initializes previouscookiesecret to the empty...

6.3CVSS6AI score0.00243EPSS
Exploits0References8
OSV
OSV
added 2026/07/02 5:17 p.m.3 views

UBUNTU-CVE-2026-55950

Time-of-check Time-of-use TOCTOU race condition vulnerability in Erlang/OTP ssl dtlspacketdemux module allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. A DTLS server listener uses a single shared dtlspacketdemux genserver process to route incoming UDP...

8.7CVSS6AI score0.00384EPSS
Exploits0References8
Rows per page
Query Builder