91392 matches found
SUSE SLES15 Security Update : openssl-1_1-livepatches (SUSE-SU-2026:2410-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2410-1 advisory. This update for openssl-11-livepatches fixes the following issues - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. Tenable has...
User Impersonation
Overview silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to User Impersonation via insufficient validation of proxy-related HTTP headers. An attacker can spoof client IP addresses, hostnames, or protocols by...
Astra Linux – Vulnerability in busybox
Busybox contains a vulnerability related to SSL certificate validation. This vulnerability exists in the “busybox wget” applet, and it can lead to the execution of arbitrary code. This vulnerability appears to be exploitable by simply downloading any file over an HTTPS connection using “busybox...
Astra Linux – Vulnerability in Maven
Apache Maven will no longer follow repositories that are defined in a dependency’s Project Object Model pom, which may be surprising to some users. This change introduces potential risks if a malicious actor takes control of such repositories or gains access to pretend to be those repositories...
netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers
A flaw was found in the Netty HAProxy PROXY protocol v2 codec. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy PROXY protocol v2 header with nested PP2TYPESSL type-length-value TLV records. This can lead to a memory leak, causing the underlying cumulation...
Security Bulletin: Vulnerability in edk2 affects IBM Netezza Appliance
Summary The edk2 package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-9230 Vulnerability Details CVEID:CVE-2025-9230 DESCRIPTION: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigge...
netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers
A flaw was found in the Netty HAProxy PROXY protocol v2 codec. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy PROXY protocol v2 header with nested PP2TYPESSL type-length-value TLV records. This can lead to a memory leak, causing the underlying cumulation...
RLSA-2026:26275 Important: openssl security update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Use After Free with SSLfreebuffers CVE-2024-4741 openssl: Heap Use-After-Free in OpenSSL...
Important: Red Hat Security Advisory: 389-ds-base security, bug fix, and enhancement update
An update for 389-ds-base is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
openssl: Use After Free with SSL_free_buffers
A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSLfreebuffers function may cause memory to be accessed that was previously freed in some situations...
BIT-DISCOURSE-2026-44784 Discourse: Non-staff group owners can see email password in plaintext through group history
Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, group owners who are not necessarily admins or moderators can view a group's outgoing email/SMTP credentials in plaintext via the group history...
Fortinet FortiOS - Credentials Disclosure
Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests due to improper limitation of a...
SUSE CVE-2026-44893
Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...
SUSE CVE-2026-45416
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates...
RHEL 8 : openssl (RHSA-2026:26275)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26275 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...
CVE-2026-48970
Unauthenticated Broken Authentication in Really Simple SSL = 9.5.10 versions...
CVE-2026-48970 WordPress Really Simple SSL plugin <= 9.5.10 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in Really Simple SSL = 9.5.10 versions...
CVE-2026-48970
The CVE affects WordPress the Really Simple SSL plugin (versions
CVE-2026-48970 WordPress Really Simple SSL plugin <= 9.5.10 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in Really Simple SSL = 9.5.10 versions...
EUVD-2026-36866
Unauthenticated Broken Authentication in Really Simple SSL = 9.5.10 versions...