Lucene search
K

3689 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-11404

Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mgtlsserverrecvhello, which uses an attacker-controlled sessionidlen byte from a TLS ClientHello as a buffer index without validating it against the length of received data. A remote, unauthenticated...

8.7CVSS0.00441EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 4 days ago3 views

netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a crafted TLS Transport Layer Security ClientHello message. This can lead to an eager allocation of a large memory buffer, causing a Denial of Service DoS due to excessive memor...

7.5CVSS6AI score0.00461EPSS
Exploits0References7
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42605

Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mgtlsserverrecvhello, which uses an attacker-controlled sessionidlen byte from a TLS ClientHello as a buffer index without validating it against the length of received data. A remote, unauthenticated...

8.7CVSS6.2AI score0.00441EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-11404 Cesanta Mongoose before 7.22 Out-of-Bounds Read in MG_TLS_BUILTIN ClientHello Session ID Parsing

Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mgtlsserverrecvhello, which uses an attacker-controlled sessionidlen byte from a TLS ClientHello as a buffer index without validating it against the length of received data. A remote, unauthenticated...

8.7CVSS0.00441EPSS
Exploits0References4
CVE
CVE
added 4 days ago10 views

CVE-2026-11404

Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mg_tls_server_recv_hello(), which uses an attacker-controlled session_id_len byte from a TLS ClientHello as a buffer index without validating it against the length of received data. A remote, unauthent...

8.7CVSS6.2AI score0.00441EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 4 days ago6 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS7AI score0.00615EPSS
Exploits0References8
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42535

When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the...

8.3CVSS6AI score0.00121EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 4 days ago6 views

CVE-2026-15165

A flaw was found in Wireshark. This vulnerability allows a remote attacker to cause a denial of service by crafting a malicious TLS Encrypted Client Hello ECH packet. When Wireshark attempts to decrypt this malformed packet, it can lead to a crash of the application, making it unavailable...

6.5CVSS5.9AI score0.00133EPSS
Exploits1References5
CVE
CVE
added 4 days ago14 views

CVE-2026-47828

The CVE affects bosh-cli versions prior to 7.10.4. During bosh create-env/delete-env, the CLI uploads CPI packages and rendered job templates to the VM’s DAV blobstore over HTTPS without verifying the server certificate, despite a CA certificate being present in the manifest. This enables a netwo...

8.9CVSS7.1AI score0.00088EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-47828 Missing TLS Certificate Verification in BOSH CLI Allows Root Code Execution via Man-in-the-Middle Credential Replay

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...

8.9CVSS0.00088EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-15165 Heap-based Buffer Overflow in Wireshark

TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service...

5.5CVSS0.00133EPSS
Exploits1References2
CVE
CVE
added 5 days ago11 views

CVE-2026-15165

CVE-2026-15165 affects Wireshark 4.6.0–4.6.6, where the TLS Encrypted Client Hello (ECH) decryptor can crash during decryption of a malformed packet, leading to a denial of service. Root cause: crash in the TLS ECH decryptor component. Impact: application crash and denial of service. CVSSv3.1 bas...

5.5CVSS5.9AI score0.00133EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 5 days ago4 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References8
CVE
CVE
added 5 days ago21 views

CVE-2026-42505

CVE-2026-42505 describes a privacy leakage in handshakes using Encrypted Client Hello (ECH) , where a passive observer can de-anonymize connections due to disclosure of pre-shared key (PSK) identities in the unencrypted ClientHello. The vulnerability is documented across multiple sources (NVD, EU...

5.3CVSS5.9AI score0.00419EPSS
Exploits0References4
CVE
CVE
added 5 days ago18 views

CVE-2026-55436

The CVE-2026-55436 issue affects Coder’s AI Bridge Proxy (aibridgeproxyd) in versions prior to 2.32.7, 2.33.8, and 2.34.2. The root cause is that the proxy’s default goproxy transport uses InsecureSkipVerify: true and only switches to a secure transport if an upstream proxy is configured; thus ou...

7.4CVSS6AI score0.00258EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56592

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.6 Description A crash in the TLS ECH decryptor allows a denial of service. Encrypted Client Hello ECH is a TLS extension that encrypts the Client Hello message to protect client privacy. Recommendations...

7.5CVSS6.1AI score0.00133EPSS
Exploits1References4
NOZOMI
NOZOMI
added 6 days ago4 views

Disabled and non-configurable TLS certificate validation in n2os-tui when connecting the Remote Collector to a Guardian or CMC, in Remote Collector before v26.2.0

Summary When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. Impact A malicious actor could perform a man-in-the-middle attack and intercept the...

8.3CVSS6AI score0.00121EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added last week4 views

CVE-2026-8286

A flaw was found in curl. When a new data transfer attempts to upgrade its connection using STARTTLS, it may incorrectly reuse an existing live connection. This reuse can occur even if the Transport Layer Security TLS configuration of the new transfer does not match the existing connection,...

8.1CVSS5.8AI score0.0052EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added last week6 views

Coder's AI Bridge Proxy skips TLS certificate verification in default configuration

Summary The AI Bridge Proxy aibridgeproxyd created a goproxy server whose default transport set InsecureSkipVerify: true and only assigned a secure transport when an upstream proxy was configured. In the default configuration no upstream proxy, outbound HTTPS to the Coder access URL accepted any...

7.4CVSS6AI score0.00258EPSS
Exploits0References3Affected Software1
NVD
NVD
added last week6 views

CVE-2026-13698

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service...

7.5CVSS0.00549EPSS
Exploits0References1
Rows per page
Query Builder