CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

127 matches found

Github Security Blog•added 4 days ago•8 views

nebula-mesh: Session and OIDC state cookies lack the Secure attribute

internal/web/session.go and internal/web/oidc.go set HttpOnly and SameSite=Lax on every cookie but never Secure. A single plaintext request to the origin operator on a LAN, mistyped URL, HTTP→HTTPS not strictly enforced, reverse proxy misconfiguration discloses the session. Affected All released...

5.6AI score0.00031EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 2026/05/12 12:0 a.m.•15 views

CVE-2026-45185

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS closenotify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to...

9.8CVSS6.2AI score0.00117EPSS

Exploits2References8Affected Software1

RedhatCVE•added 2026/04/10 7:7 a.m.•2 views

CVE-2026-29129

A flaw was found in Apache Tomcat. This vulnerability occurs when the configured cipher preference order is not preserved. This could allow an attacker to bypass intended security configurations, potentially leading to a weakened security posture or information disclosure. Mitigation Configure...

7.5CVSS5.9AI score0.00033EPSS

Exploits0References4

RedHat Linux•added 2026/03/05 4:42 p.m.•3 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.5AI score0.00012EPSS

Exploits1References8

RedHat Linux•added 2026/02/18 11:31 a.m.•3 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

10CVSS6.5AI score0.00012EPSS

Exploits1References8

ATTACKERKB•added 2026/02/17 6:48 p.m.•6 views

CVE-2025-66614

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL...

5.5AI score0.00051EPSS

Exploits0References2Affected Software1

RedHat Linux•added 2026/02/16 10:32 a.m.•3 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

10CVSS6.5AI score0.00012EPSS

Exploits1References8

OSV•added 2026/02/05 5:23 p.m.•3 views

GO-2026-4337 Unexpected session resumption in crypto/tls

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

10CVSS5.5AI score0.00012EPSS

Exploits1References3

RedhatCVE•added 2026/01/09 12:31 p.m.•21 views

CVE-2023-4326

Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites...

7.5CVSS7AI score0.00105EPSS

Exploits0References1

NVD•added 2026/01/08 10:15 a.m.•2 views

CVE-2025-14017

When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally...

6.3CVSS0.00003EPSS

Exploits0References3

RedhatCVE•added 2026/01/07 9:29 a.m.•6 views

CVE-2019-16179

Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration...

5.3CVSS6.9AI score0.00195EPSS

Exploits0References1

CVE•added 2025/10/29 4:37 p.m.•13 views

CVE-2025-12478

CVE-2025-12478 concerns a non-compliant TLS configuration affecting Azure Access Technology BLU-IC2 and BLU-IC4 up to version 1.19.5. The PT-security advisory specifies affected versions as BLU-IC2 and BLU-IC4 through 1.19.5 and recommends upgrading to a version later than 1.19.5. Other connected...

10CVSS6.6AI score0.00038EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2025/10/29 12:0 a.m.•3 views

PT-2025-44317

Name of the Vulnerable Software and Affected Versions BLU-IC2 versions through 1.19.5 BLU-IC4 versions through 1.19.5 Description The software exhibits a non-compliant TLS configuration. Recommendations Update BLU-IC2 to a version later than 1.19.5. Update BLU-IC4 to a version later than 1.19.5...

10CVSS6.6AI score0.00038EPSS

Exploits0References6