Lucene search
+L

81 matches found

redhatcve
redhatcve
added 2 days ago4 views

CVE-2026-48978

A flaw was found in oras-go. The auth.Client in oras-go does not properly validate the scheme or host of the realm URL provided in a registry's WWW-Authenticate: Bearer challenge. A remote attacker, operating a malicious registry or performing a man-in-the-middle attack, could exploit this to...

3.1CVSS6AI score
Exploits0References4
osv
osv
added 2026/07/07 11:44 p.m.6 views

GHSA-6W3M-4HHP-775Q KEDA has PostgreSQL connection string parameter injection via incomplete whitespace escaping

Summary pkg/scalers/postgresqlscaler.go builds libpq-style connection strings by concatenating key=value pairs separated by spaces. Each tenant-controllable field host, port, userName, dbName, sslmode is passed through escapePostgreConnectionParameter: go func escapePostgreConnectionParameterstr...

5.9CVSS6.1AI score
Exploits0References2
osv
osv
added 2026/07/01 9:6 p.m.5 views

GHSA-XF85-363P-868W oras-go: Malicious registry can hijack Bearer token realm to exfiltrate credentials and refresh tokens

Summary oras-go's auth.Client follows the realm URL from a registry's WWW-Authenticate: Bearer challenge without validating its scheme or host. The realm field is server-controlled by design in the OCI/distribution spec — registries legitimately point token requests at a separate auth endpoint e....

2.1CVSS5.9AI score
Exploits0References4
snyk
snyk
added 2026/06/08 11:8 p.m.3 views

Improper Restriction of Rendered UI Layers or Frames

Overview Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames due to missing security headers in the internal/web/ and internal/api/ response paths. An attacker can compromise the confidentiality and integrity of sensitive operations, such as...

7.1CVSS6AI score0.00031EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2026/04/01 6:16 p.m.5 views

CVE-2026-25834

Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...

6.5CVSS5.8AI score0.00135EPSS
Exploits0References1
nessus
nessus
added 2026/02/22 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-26994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below...

6.5CVSS5.7AI score0.00268EPSS
Exploits0References3
osv
osv
added 2026/02/20 2:50 a.m.9 views

CVE-2026-26994 uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...

6.5CVSS5.4AI score0.00268EPSS
Exploits0References6
redhatcve
redhatcve
added 2026/02/08 1:21 a.m.7 views

CVE-2026-25644

DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8...

7.5CVSS5.2AI score0.0031EPSS
Exploits0References1
nvd
nvd
added 2026/02/06 11:15 p.m.9 views

CVE-2026-25644

DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8...

7.5CVSS0.0031EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/02/06 10:40 p.m.4 views

CVE-2026-25644

DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8...

7.5CVSS5.3AI score0.0031EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/02/06 10:40 p.m.21 views

CVE-2026-25644

DataHub (open-source metadata platform) is affected by CVE-2026-25644 through the LDAP ingestion source. Prior to version 1.3.1.8, it is vulnerable to a MITM attack via TLS downgrade. The issue has been patched in DataHub 1.3.1.8. Public sources from NVD/Red Hat confirm the vulnerability and the ...

7.5CVSS5.3AI score0.0031EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/02/06 12:0 a.m.12 views

PT-2026-6808

Name of the Vulnerable Software and Affected Versions DataHub versions prior to 1.3.1.8 Description DataHub, an open-source metadata platform, has an issue in its LDAP ingestion source. Specifically, versions before 1.3.1.8 are susceptible to a man-in-the-middle MITM attack due to a TLS downgrade...

7.5CVSS5.4AI score0.0031EPSS
Exploits0References3
redhat
redhat
added 2025/10/15 4:57 p.m.4 views

dotnet: .NET Information Disclosure Vulnerability

A flaw exists in certain .NET builds where a man-in-the-middle MITM attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker...

5.7CVSS5.8AI score0.00671EPSS
Exploits0References4
redhat
redhat
added 2025/10/15 4:34 p.m.7 views

dotnet: .NET Information Disclosure Vulnerability

A flaw exists in certain .NET builds where a man-in-the-middle MITM attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker...

5.7CVSS5.8AI score0.00671EPSS
Exploits0References4
redhat
redhat
added 2025/10/15 4:33 p.m.4 views

dotnet: .NET Information Disclosure Vulnerability

A flaw exists in certain .NET builds where a man-in-the-middle MITM attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker...

5.7CVSS5.8AI score0.00671EPSS
Exploits0References4
redhat
redhat
added 2025/10/15 3:58 p.m.3 views

dotnet: .NET Information Disclosure Vulnerability

A flaw exists in certain .NET builds where a man-in-the-middle MITM attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker...

5.7CVSS5.8AI score0.00671EPSS
Exploits0References4
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-8661

Malware in sbrugna...

5.9CVSS5.7AI score0.01585EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-8659

Malware in sbrugna...

5.6CVSS4.9AI score0.00573EPSS
Exploits0References8
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-5996

Malware in sbrugna...

9.1CVSS7.5AI score0.01068EPSS
Exploits0References18
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-12298

Malware in sbrugna...

5.9CVSS6AI score0.02377EPSS
Exploits0References4
Rows per page
Query Builder