Lucene search
K

7 matches found

CVE
CVE
added 2026/07/03 6:14 a.m.29 views

CVE-2026-8286

CVE-2026-8286 affects the curl project where a new transfer using STARTTLS to upgrade a connection can reuse an existing live connection despite a TLS configuration mismatch. Concrete details across connected docs show curl versions affected (pre-8.21.0 for 7.30.0 specifically) and indicate the r...

8.1CVSS5.9AI score0.0052EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51745

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A flaw exists where a new transfer utilizing STARTTLS to upgrade the connection may incorrectly reuse an existing live connection despite a mismatch in the TLS...

9.8CVSS5.7AI score0.0108EPSS
Exploits5References47
EUVD
EUVD
added 2025/11/26 3:30 a.m.5 views

EUVD-2025-199679

Unauthenticated OS Command Injection startupgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...

9.9CVSS8.2AI score0.02089EPSS
Exploits1References2
NVD
NVD
added 2025/11/26 1:16 a.m.7 views

CVE-2025-66253

Unauthenticated OS Command Injection startupgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...

9.9CVSS0.02089EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/26 12:36 a.m.2 views

CVE-2025-66253 Unauthenticated OS Command Injection (start_upgrade.php)

Unauthenticated OS Command Injection startupgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...

9.9CVSS8.3AI score0.02089EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/11/26 12:36 a.m.9 views

CVE-2025-66253 Unauthenticated OS Command Injection (start_upgrade.php)

Unauthenticated OS Command Injection startupgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...

9.9CVSS0.02089EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2022/02/21 8:55 a.m.8 views

ruby: StartTLS stripping vulnerability in Net::IMAP

Ruby's Net::IMAP module did not raise an exception when receiving an unexpected response to the STARTTLS command and the connection was not upgraded to use TLS. A man-in-the-middle attacker could use this flaw to prevent Ruby applications using Net::IMAP to enable TLS encryption for a connection ...

7.4CVSS7.2AI score0.02909EPSS
Exploits1References5
Rows per page
Query Builder