Lucene search
K

5 matches found

Cvelist
Cvelist
added 6 days ago27 views

CVE-2026-14440 Cloudflare Universal SSL automatically managed CAA RRset supersedes customer-configured CAA records

Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design e.g. 'issue "letsencrypt.org"' without parameters. On Universal SSL zones,...

7.6CVSS0.00135EPSS
Exploits0References4
OSV
OSV
added 2025/07/31 9:15 p.m.4 views

DEBIAN-CVE-2025-45768

pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement...

7CVSS5.2AI score0.0016EPSS
Exploits0References1
PyPA
PyPA
added 2025/07/31 9:15 p.m.9 views

PYSEC-2025-183

pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement...

7CVSS5.8AI score0.0016EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/03 5:8 a.m.24 views

Security Bulletin: TLS padding vulnerability affects Communications Server for Data Center Deployment, Communications Server for AIX, Communications Server for Linux, and Communications Server for Linux on System z (CVE-2014-8730)

Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects Communications Server for Data Center Deployment, Communications Server for AIX, Communications Server for Linux, and Communications Server for Linux on Syste...

4.3CVSS0.4AI score0.1372EPSS
Exploits0Affected Software4
Hacker One
Hacker One
added 2018/07/19 7:20 p.m.18 views

GSA Bounty: Redirect on authorization allows account compromise

Login.gov had a bug in validating the redirecturi in the /openidconnect/authorize endpoint, which allowed specially crafted subdomains to be incorrectly validated when they began with a valid hostname. For example, a redirecturi with a hostname of agency.gov.example.com would validate a URL as if...

2.4AI score
Exploits0
Rows per page
Query Builder