Lucene search
K

91382 matches found

EUVD
EUVD
added 2026/06/12 8:23 p.m.12 views

EUVD-2026-36587

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, group owners who are not necessarily admins or moderators can view a group's outgoing email/SMTP credentials in plaintext...

6.5CVSS5.3AI score0.00231EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 4:16 p.m.17 views

CVE-2026-50010

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...

7.5CVSS0.00269EPSS
Exploits0References11
NVD
NVD
added 2026/06/12 4:16 p.m.13 views

CVE-2026-48059

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nest...

8.7CVSS0.00606EPSS
Exploits0References10
OSV
OSV
added 2026/06/12 4:16 p.m.4 views

UBUNTU-CVE-2026-50010

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...

7.5CVSS5.3AI score0.00269EPSS
Exploits0References5
OSV
OSV
added 2026/06/12 3:16 p.m.5 views

UBUNTU-CVE-2026-44893

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS5.5AI score0.00594EPSS
Exploits0References5
CVE
CVE
added 2026/06/12 2:42 p.m.71 views

CVE-2026-48059

Netty HAProxy: In Netty’s HAProxy PROXY protocol v2 codec, a memory leak occurs on each connection when a syntactically valid nested PP2_TYPE_SSL TLV (depth ≥ 2) is provided. This affects Netty versions 4.1.135.Final and 4.2.15.Final. The leak happens on the successful parse path: the message is ...

8.7CVSS5.5AI score0.00606EPSS
Exploits0References10Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.12 views

EulerOS Virtualization 2.13.1 : openssl (EulerOS-SA-2026-2383)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can...

8.1CVSS6.4AI score0.00885EPSS
Exploits0References5
Wolfi
Wolfi
added 2026/06/11 7:48 p.m.10 views

GHSA-V446-XWFM-X7MR vulnerabilities

Vulnerabilities for packages: openssl...

5.4AI score
Exploits0
SUSE Linux
SUSE Linux
added 2026/06/11 1:23 p.m.8 views

Security update for nginx

This update for nginx fixes the following issues CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a configuration with overlapping captures bsc1266215. CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415...

9.2CVSS8.2AI score0.61469EPSS
Exploits43References28
OSV
OSV
added 2026/06/11 1:23 p.m.4 views

SUSE-SU-2026:2370-1 Security update for nginx

This update for nginx fixes the following issues - CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a configuration with overlapping captures bsc1266215. - CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415. -...

9.2CVSS6.3AI score0.61469EPSS
Exploits43References15
RedHat Linux
RedHat Linux
added 2026/06/11 1:9 p.m.8 views

openssl: AES-OCB IV Ignored on EVP_Cipher() Path

A flaw was found in OpenSSL. Applications that use the AES-OCB encryption method with a specific one-shot interface EVPCipher will have their provided Initialization Vector IV silently discarded. This leads to the same internal cryptographic value being used repeatedly, which compromises the...

7.5CVSS5.5AI score0.0032EPSS
Exploits0References4
CVE
CVE
added 2026/06/11 5:3 a.m.63 views

CVE-2026-40992

CVE-2026-40992 concerns Spring Boot's Mail auto-configuration not enabling hostname verification by default. Affected: Spring Boot 4.0.0–4.0.6; 3.5.0–3.5.14; 3.4.0–3.4.16. The issue: hostname verification is not enabled; applications that explicitly set spring.mail.properties.mail.smtp.ssl.checks...

5CVSS5.5AI score0.00123EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-48860

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN...

7.5CVSS6AI score0.00194EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/10 4:25 p.m.8 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Publishing affected by a race condition in Eclipse Jersey (CVE-2025-12383)

Summary A critical race condition CVE-2025-12383 has been identified in the Eclipse Jersey client library jersey-client-2.26.jar used by IBM Engineering Lifecycle Optimization - Engineering Publishing. Under high-concurrency conditions, a flaw in the HTTPS client's lazy initialization flow can...

9.4CVSS7.5AI score0.00271EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/10 1:21 p.m.11 views

CVE-2026-45447

A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...

8.8CVSS5.4AI score0.02719EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 8:39 a.m.9 views

BIT-APACHE-2026-44185 Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request`

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.3CVSS5.4AI score0.00598EPSS
Exploits0References7
Snyk
Snyk
added 2026/06/10 1:13 a.m.5 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the RabbitConnectionFactoryBean.setUri function when configuring a broker connection with an amqps:// URI without also invoking setUseSSLtrue. An attacker can intercept or manipulate encrypted traffic ...

6.3CVSS5.3AI score0.00132EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 12:16 a.m.10 views

CVE-2026-41714

Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri"amqps://..." without also calling setUseSSLtrue get TLS encryption with no certificate validation and no hostname verification. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1....

4CVSS0.00132EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 p.m.8 views

CVE-2026-41714 In Spring AMQP the RabbitConnectionFactoryBean.setUri("amqps://...") bypasses secure SSL setup, uses TrustEverythingTrustManager

Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri"amqps://..." without also calling setUseSSLtrue get TLS encryption with no certificate validation and no hostname verification. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1....

4CVSS5.4AI score0.00132EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:48 p.m.19 views

CVE-2026-41714

Spring AMQP 2.4.x/3.1.x/3.2.x/4.0.x (versions 2.4.0–2.4.17, 3.1.0–3.1.15, 3.2.0–3.2.10, 4.0.0–4.0.3) are affected by CVE-2026-41714. The issue occurs when a broker connection is configured via RabbitConnectionFactoryBean.setUri("amqps://...") without calling setUseSSL(true). This leads to TLS enc...

4CVSS5.5AI score0.00132EPSS
Exploits0References1
Rows per page
Query Builder