Lucene search
K

1111 matches found

RedHat Linux
RedHat Linux
added 2026/06/25 5:40 p.m.7 views

Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.13 Images Security Update

New images are available for Red Hat build of Keycloak 26.4.13 and Red Hat build of Keycloak 26.4.13 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Ha...

8.8CVSS5.9AI score0.00495EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.8 views

Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.13 Security Update

New Red Hat build of Keycloak 26.4.13 packages are available from the Customer Portal Red Hat build of Keycloak 26.4.13 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security...

8.8CVSS5.9AI score0.00495EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 7:12 p.m.35 views

CVE-2026-48491 Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard...

7.8CVSS0.00245EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerabilities in Firefox, Thunderbird, NSS

An unchecked return value in the TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox 122, Firefox ESR 115.9, and Thunderbird 115.9...

7.5CVSS7.2AI score0.01285EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Tomcat9

The “Allocation of Resources Without Limits or Throttling” vulnerability in Apache Tomcat exists. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, and from 9.0.13 through 9.0.89. The following versions were already end-of-life at the tim...

8.6CVSS7.1AI score0.01702EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/17 11:5 p.m.8 views

netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a crafted TLS Transport Layer Security ClientHello message. This can lead to an eager allocation of a large memory buffer, causing a Denial of Service DoS due to excessive memor...

7.5CVSS5.4AI score0.00461EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/17 4:18 p.m.19 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.4.SP1 security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

10CVSS5.5AI score0.0059EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2026/06/16 4:53 p.m.11 views

gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol OCSP response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabl...

3.7CVSS5.4AI score0.0072EPSS
Exploits1References5
CVE
CVE
added 2026/06/16 3:42 p.m.15 views

CVE-2025-71261

The CVE-2025-71261 issue affects the SUSE Virtualization (Harvester) Rancher integration registration client, specifically the cluster-registration-url path. The root cause is an insecure TLS setup that fails to verify the remote server’s certificate, enabling MITM between SUSE Virtualization and...

8.6CVSS5.2AI score0.00208EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 3:16 p.m.4 views

UBUNTU-CVE-2026-45416

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates...

7.5CVSS5.5AI score0.00461EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.18 views

Traefik < 2.11.38 / 3.x < 3.6.9 Multiple Vulnerabilities

The version of Traefik installed on the remote macOS host is prior to 2.11.38 or 3.x prior to 3.6.9. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the ForwardAuth middleware due to the response body from the authentication server being read entirely into memory withou...

7.5CVSS7.7AI score0.00539EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 8:56 a.m.10 views

Security Bulletin: There is a vulnerability in vertx-core-4.5.24.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-6860)

Summary There is a vulnerability in vertx-core-4.5.24.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-6860 DESCRIPTION: A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepte...

6.9CVSS5.8AI score0.00238EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.13 views

Amazon Linux 2023 : golang-github-burntsushi-toml, golang-github-burntsushi-toml-devel (ALAS2023-2026-1751)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1751 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 Within HostnameError.Error, when constructing ...

7.5CVSS7.2AI score0.01945EPSS
Exploits3References34
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.15 views

Amazon Linux 2023 : golang-github-burntsushi-toml-test, golang-github-burntsushi-toml-test-devel (ALAS2023-2026-1750)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1750 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 Within HostnameError.Error, when constructing ...

7.5CVSS7.2AI score0.01945EPSS
Exploits3References34
Amazon
Amazon
added 2026/05/26 12:0 a.m.18 views

Important: credentials-fetcher

Issue Overview: crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames,...

7.5CVSS7.4AI score0.00813EPSS
Exploits0
Amazon
Amazon
added 2026/05/26 12:0 a.m.19 views

Important: golang-github-burntsushi-toml-test

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out...

7.5CVSS7.1AI score0.01945EPSS
Exploits3
Amazon
Amazon
added 2026/05/26 12:0 a.m.18 views

Important: golang-github-cpuguy83-md2man

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out...

7.5CVSS7.1AI score0.01945EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.14 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenVPN vulnerabilities (USN-8286-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8286-1 advisory. Guannan Wang, Zhanpeng Liu, Guancheng Li, and Emma Reuter discovered that OpenVPN incorrectly handled suitably malformed...

6.9CVSS5.6AI score0.00317EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/18 9:0 a.m.14 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References8
GithubExploit
GithubExploit
added 2026/05/12 5:51 p.m.253 views

Exploit for CVE-2026-45185

CVE-2026-45185 — "Dead.Letter" Exim Vulnerability Scanner A s...

9.8CVSS6.3AI score0.01225EPSS
Exploits2
Rows per page
Query Builder