Lucene search
+L

143 matches found

CVE
CVE
added yesterday20 views

CVE-2026-15925

The CVE-2026-15925 entry describes an Improper TLS hostname verification vulnerability in Snowflake Connector for Python and affects versions prior to 4.7.1. An on-path attacker who can intercept traffic could bypass hostname validation during HTTPS connections by presenting a certificate from an...

9.2CVSS6.2AI score0.0017EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday22 views

CVE-2026-15925 Improper TLS Hostname Verification in Snowflake Connector for Python

Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 and 3.18.1 may have allowed a network-positioned attacker to bypass certificate hostname validation on HTTPS connections made by the connector. An attacker with on-path network access could exploit this b...

9.2CVSS0.0017EPSS
Exploits0References2
OSV
OSV
added yesterday5 views

RLSA-2026:39868 Important: nodejs:24 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

8.1CVSS6.5AI score0.02806EPSS
Exploits1References16
OSV
OSV
added 2026/07/08 12:6 p.m.6 views

RLSA-2026:35842 Important: nodejs22 security, bug fix, and enhancement update

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

8.1CVSS6.6AI score0.02806EPSS
Exploits1References14
Rockylinux
Rockylinux
added 2026/07/07 12:3 a.m.9 views

nodejs:22 security, bug fix, and enhancement update

An update is available for nodejs, module.nodejs, nodejs-packaging, nodejs-nodemon, module.nodejs-packaging, module.nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS6.6AI score0.02806EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/07/06 5:32 a.m.7 views

nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch

A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS Transport Layer Security hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security...

7.7CVSS5.9AI score0.02486EPSS
Exploits0References5
OSV
OSV
added 2026/07/06 12:0 a.m.8 views

ALSA-2026:35892 Important: nodejs:22 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

9.8CVSS7.1AI score0.02806EPSS
Exploits1References28
OSV
OSV
added 2026/06/29 5:48 a.m.5 views

BIT-NODE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS7.1AI score0.00405EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 5:48 a.m.7 views

BIT-NODE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS7.1AI score0.02486EPSS
Exploits0References15
OSV
OSV
added 2026/06/26 2:16 a.m.5 views

ALPINE-CVE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS6.2AI score0.00405EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 1:14 a.m.126 views

CVE-2026-48930

CVE-2026-48930 affects Node.js 22.x, 24.x, and 26.x due to a flaw in TLS hostname handling where embedded-nul hostnames cause silent authority rebinding from c-string truncation in resolver bindings. Affected components are within Node.js TLS hostname resolution/verification paths. The vulnerabil...

9.8CVSS6.6AI score0.00405EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/26 1:14 a.m.2 views

CVE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.6CVSS6.8AI score0.00405EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 1:14 a.m.3 views

CVE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS7.1AI score0.02486EPSS
Exploits0References17
ATTACKERKB
ATTACKERKB
added 2026/06/26 1:14 a.m.12 views

CVE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS6.7AI score0.02486EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 6:8 a.m.4 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and ifix Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used,...

9.1CVSS5.9AI score0.01127EPSS
Exploits3Affected Software1
CVE
CVE
added 2026/06/22 4:34 p.m.39 views

CVE-2026-54275

CVE-2026-54275 (aiohttp) affects the aiohttp package prior to 3.14.1. The issue is a TLS server_hostname SNI check bypass that occurs when an existing connection is reused for multiple requests with different per-request server_hostname values. As a result, later requests to the same domain may r...

7.5CVSS5.8AI score0.00266EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/06/12 4:39 p.m.5 views

Improper Verification of Cryptographic Signature

Overview io.netty:netty-handler is a library that provides an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance and high scalability protocol servers and clients. In other words, Netty is a NIO client server framework which...

8.7CVSS5.3AI score0.00269EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.8 views

openSUSE 16 Security Update : erlang (openSUSE-SU-2026:20907-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20907-1 advisory. This update for erlang fixes the following issues - CVE-2025-4748: improper limitation of a pathname may lead to path traversal bsc1244642. -...

8.1CVSS5.6AI score0.00354EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.22 views

PT-2026-46260

Name of the Vulnerable Software and Affected Versions oslo.messaging versions 1.0.0 through 17.3.0 Description The RabbitMQ driver in oslo.messaging fails to perform TLS hostname verification when connecting to the message broker. While the driver enables certificate chain validation when ssl ca...

7.4CVSS5.5AI score0.0016EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/01 7:12 a.m.13 views

EUVD-2026-33569

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...

8.8CVSS5.8AI score0.00182EPSS
Exploits0References1
Rows per page
Query Builder