91388 matches found
VulnCheck KEV: CVE-2026-48969
Subscriber Broken Access Control in Really Simple SSL = 9.5.9 versions...
PT-2026-49496
Name of the Vulnerable Software and Affected Versions Really Simple SSL versions prior to 9.5.11 Description Broken authentication allows unauthenticated users to bypass security controls. Recommendations Update to version 9.5.11 or later...
SUSE SLES15 Security Update : nginx (SUSE-SU-2026:2370-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2370-1 advisory. This update for nginx fixes the following issues - CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a...
SUSE CVE-2026-45446
Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...
EUVD-2026-36587
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, group owners who are not necessarily admins or moderators can view a group's outgoing email/SMTP credentials in plaintext...
CVE-2026-50010
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...
CVE-2026-48059
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nest...
UBUNTU-CVE-2026-50010
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...
UBUNTU-CVE-2026-44893
Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...
CVE-2026-48059
Netty HAProxy: In Netty’s HAProxy PROXY protocol v2 codec, a memory leak occurs on each connection when a syntactically valid nested PP2_TYPE_SSL TLV (depth ≥ 2) is provided. This affects Netty versions 4.1.135.Final and 4.2.15.Final. The leak happens on the successful parse path: the message is ...
EulerOS Virtualization 2.13.1 : openssl (EulerOS-SA-2026-2383)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can...
GHSA-V446-XWFM-X7MR vulnerabilities
Vulnerabilities for packages: openssl...
Security update for nginx
This update for nginx fixes the following issues CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a configuration with overlapping captures bsc1266215. CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415...
SUSE-SU-2026:2370-1 Security update for nginx
This update for nginx fixes the following issues - CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a configuration with overlapping captures bsc1266215. - CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415. -...
openssl: AES-OCB IV Ignored on EVP_Cipher() Path
A flaw was found in OpenSSL. Applications that use the AES-OCB encryption method with a specific one-shot interface EVPCipher will have their provided Initialization Vector IV silently discarded. This leads to the same internal cryptographic value being used repeatedly, which compromises the...
CVE-2026-40992
CVE-2026-40992 concerns Spring Boot's Mail auto-configuration not enabling hostname verification by default. Affected: Spring Boot 4.0.0–4.0.6; 3.5.0–3.5.14; 3.4.0–3.4.16. The issue: hostname verification is not enabled; applications that explicitly set spring.mail.properties.mail.smtp.ssl.checks...
Linux Distros Unpatched Vulnerability : CVE-2026-48860
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN...
Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Publishing affected by a race condition in Eclipse Jersey (CVE-2025-12383)
Summary A critical race condition CVE-2025-12383 has been identified in the Eclipse Jersey client library jersey-client-2.26.jar used by IBM Engineering Lifecycle Optimization - Engineering Publishing. Under high-concurrency conditions, a flaw in the HTTPS client's lazy initialization flow can...
CVE-2026-45447
A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...
BIT-APACHE-2026-44185 Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request`
Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...