Traefik < 2.11.38 / 3.x < 3.6.9 Multiple Vulnerabilities

The version of Traefik installed on the remote macOS host is prior to 2.11.38 or 3.x prior to 3.6.9. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the ForwardAuth middleware due to the response body from the authentication server being read entirely into memory withou...

Security Bulletin: There is a vulnerability in vertx-core-4.5.24.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-6860)

Summary There is a vulnerability in vertx-core-4.5.24.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-6860 DESCRIPTION: A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepte...

Amazon Linux 2023 : golang-github-burntsushi-toml, golang-github-burntsushi-toml-devel (ALAS2023-2026-1751)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1751 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 Within HostnameError.Error, when constructing ...

Important: credentials-fetcher

Issue Overview: crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames,...

Important: golang-github-burntsushi-toml-test

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out...

Amazon Linux 2023 : golang-github-burntsushi-toml-test, golang-github-burntsushi-toml-test-devel (ALAS2023-2026-1750)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1750 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 Within HostnameError.Error, when constructing ...

Important: golang-github-cpuguy83-md2man

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenVPN vulnerabilities (USN-8286-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8286-1 advisory. Guannan Wang, Zhanpeng Liu, Guancheng Li, and Emma Reuter discovered that OpenVPN incorrectly handled suitably malformed...

Astra Linux - уязвимость в tomcat9

There is a vulnerability in Apache Tomcat known as “Allocation of Resources Without Limits or Throttling”. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, and from 9.0.13 through 9.0.89. The following versions were already discontinued...

Astra Linux - уязвимость в firefox, thunderbird, nss

An unchecked return value in the TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox 122, Firefox ESR 115.9, and Thunderbird 115.9...

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

Exploit for CVE-2026-45185

CVE-2026-45185 — "Dead.Letter" Exim Vulnerability Scanner A s...

Allocation of Resources Without Limits or Throttling

Overview io.vertx:vertx-core is a tool-kit for building reactive applications on the JVM. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling during the TLS handshake process, where the SslContext cache can be forced to grow indefinitely. The...

CVE-2026-6860

CVE-2026-6860 describes a TLS SNI handling weakness where a TCP client can present an SNI that matches a server wildcard certificate (e.g., *.example.com) and be accepted by the server, allowing any XYZ.example.com under the wildcard to be used. The CVSS 4.0 vector yields a NETWORK, LOW complexit...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the TLS handshake process. An attacker can cause worker connection handling to block by opening a connection to the authentication listener and delaying or withholding the client...

CVE-2026-7776

Boundary Community Edition and Boundary Enterprise “Boundary” workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate...

CVE-2026-7776 Boundary Workers Vulnerable to Denial of Service During TLS Handshake

Boundary Community Edition and Boundary Enterprise “Boundary” workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the OVN database connection process. An attacker can gain unauthorized access to sensitive network configuration data by presenting a rogue self-signed certificate chain during the TLS handshake, which is...

PT-2026-36926

Name of the Vulnerable Software and Affected Versions Boundary Community Edition versions prior to 0.21.3 Boundary Community Edition versions prior to 0.20.3 Boundary Community Edition versions prior to 0.19.5 Boundary Enterprise versions prior to 0.21.3 Boundary Enterprise versions prior to 0.20...

Incorrect Behavior Order: Early Validation

Overview Affected versions of this package are vulnerable to Incorrect Behavior Order: Early Validation in the OCSP stapling process. An attacker can cause a client to accept a revoked server certificate by presenting a specially crafted multi-record OCSP response during a TLS handshake...