Lucene search
+L

22489 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.4 views

MiracleLinux 9 : grafana-pcp-5.1.1-15.el9_8 (AXSA:2026-1218:08)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-1218:08 advisory. golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 crypto/tls: golang: Go crypto/tls: Denial of Service vi...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.10 views

MiracleLinux 9 : grafana-10.2.6-22.el9_8 (AXSA:2026-1216:16)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-1216:16 advisory. grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVE-2026-27877 golang: internal/syscall/unix: Root.Chmod can...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References4
Cloud Foundry
Cloud Foundry
added 2026/07/08 12:0 a.m.4 views

CVE-2026-47828 - Missing TLS Certificate Verification in BOSH CLI Allows Root Code Execution via Man-in-the-Middle Credential Replay | Cloud Foundry

CVSS Score: High 8.9 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSSv3: High 7.1 CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Vendor BOSH-Ecosystem / BOSH bosh-cli Versions Affected Severity is High unless otherwise noted. bosh-cli – All versions prior to v7.10.4 Description...

8.9CVSS6AI score0.00148EPSS
Exploits0
OSV
OSV
added 2026/07/07 11:44 p.m.7 views

GHSA-6W3M-4HHP-775Q KEDA has PostgreSQL connection string parameter injection via incomplete whitespace escaping

Summary pkg/scalers/postgresqlscaler.go builds libpq-style connection strings by concatenating key=value pairs separated by spaces. Each tenant-controllable field host, port, userName, dbName, sslmode is passed through escapePostgreConnectionParameter: go func escapePostgreConnectionParameterstr...

5.9CVSS6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/07 4:59 p.m.2 views

SUSE-SU-2026:22572-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: Update to go1.26.4 bsc1255111. Security issues fixed: - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. -...

9.8CVSS7AI score0.00939EPSS
Exploits0References53
OSV
OSV
added 2026/07/07 4:57 p.m.4 views

OPENSUSE-SU-2026:21254-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: Update to go1.26.4 bsc1255111. Security issues fixed: - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. -...

9.8CVSS6.8AI score0.00939EPSS
Exploits0References52
SUSE CVE
SUSE CVE
added 2026/07/07 3:21 p.m.8 views

SUSE CVE-2026-9697

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...

7.4CVSS6AI score0.00476EPSS
Exploits0References5
OSV
OSV
added 2026/07/07 1:43 p.m.6 views

JLSEC-2026-654 Deno's TLS retry copies stale upgrade hook, risking plaintext traffic

Summary A flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When autoSelectFamily was enabled and the first address-family attempt failed, the socket reinitialization path reused a stale TLS upgrade hook tha...

9.1CVSS6AI score0.00142EPSS
Exploits1References2
OSV
OSV
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1131 Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...

7.5CVSS7AI score0.01203EPSS
Exploits0References7
Rockylinux
Rockylinux
added 2026/07/07 12:3 a.m.9 views

nodejs:22 security, bug fix, and enhancement update

An update is available for nodejs, module.nodejs, nodejs-packaging, nodejs-nodemon, module.nodejs-packaging, module.nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS6.6AI score0.02806EPSS
Exploits1
OSV
OSV
added 2026/07/07 12:3 a.m.5 views

RLSA-2026:35891 Important: nodejs:24 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

8.1CVSS6.5AI score0.02806EPSS
Exploits1References16
OSV
OSV
added 2026/07/07 12:3 a.m.9 views

RLSA-2026:35892 Important: nodejs:22 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

8.1CVSS6.5AI score0.02806EPSS
Exploits1References14
BDU FSTEC
BDU FSTEC
added 2026/07/07 12:0 a.m.2 views

The vulnerability of the parse_handshake_header() function in the GnuTLS cryptographic library allows a attacker to induce a service failure.

The vulnerability of the parsehandshakeheader function in the GnuTLS cryptographic library is related to integer overflow. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

7.8CVSS6.1AI score0.00805EPSS
Exploits0References5Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.9 views

MiracleLinux 9 : git-lfs-3.7.1-4.el9_8 (AXSA:2026-1205:08)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-1205:08 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the...

7.5CVSS7AI score0.00728EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.6 views

MiracleLinux 9 : opentelemetry-collector-0.144.0-2.el9_8 (AXSA:2026-1213:03)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-1213:03 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go:...

9.1CVSS7AI score0.01557EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/07/06 8:28 p.m.7 views

CVE-2026-8932

A flaw was found in curl. The libcurl library, used for transferring data with URLs, could improperly reuse existing network connections. This occurred even when changes to mutual Transport Layer Security mTLS settings, particularly those for client certificates, should have prevented such reuse...

7.5CVSS6AI score0.00368EPSS
Exploits1References6
OSV
OSV
added 2026/07/06 5:3 p.m.6 views

GHSA-3FCV-JVFP-M4Q9 Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access

Impact When Cilium L7 functionality is enabled on a cluster, the Envoy instance supporting this functionality creates a world-accessible socket on cluster nodes. A local attacker would be able to access Envoy admin endpoints. Depending on deployment configuration, this can expose sensitive...

9.2CVSS5.9AI score0.0017EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 3:16 p.m.3 views

ALPINE-CVE-2026-13698

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/06 2:47 p.m.11 views

Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency

A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS mutual Transport Layer Security setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive informati...

5.4CVSS6.3AI score0.00256EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 2:47 p.m.6 views

undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy

A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier URI, it silently ignores Transport Layer Security TLS options, such as custom Certificate Authorities CAs. This allows a remote attacker to perform a Man-in-the-Middle MITM attack,...

7.4CVSS7AI score0.00476EPSS
Exploits0References6
Rows per page
Query Builder