Lucene search
K

1049 matches found

Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-59692 Gstreamer: gstreamer: dtls certificate subject dn stack buffer overflow in openssl_verify_callback

A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a fixed-size 2048-byte stack buffer without bounds checking. A remote unauthenticated attacker can send a certificate with an...

7.5CVSS0.0031EPSS
Exploits0References4
NVD
NVD
added 5 days ago5 views

CVE-2026-53624

Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol for https instead of c.Scheme. This issue is fixe...

4.8CVSS0.00207EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 6 days ago8 views

Important: Red Hat Security Advisory: ruby:3.3 security update

An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

7.6CVSS6AI score0.00813EPSS
Exploits0References4
OSV
OSV
added last week3 views

GHSA-GV83-GQW6-9J2C GoFiber never set HSTS header in helmet middleware due to incorrect protocol check

Summary The helmet middleware in gofiber/fiber never sets the Strict-Transport-Security HSTS response header, even when HSTSMaxAge is explicitly configured, because the condition check at helmet.go:67 uses c.Protocol — which returns the HTTP protocol version string e.g., "HTTP/1.1", "HTTP/2.0" —...

4.8CVSS5.9AI score0.00207EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added last week6 views

GoFiber never set HSTS header in helmet middleware due to incorrect protocol check

Summary The helmet middleware in gofiber/fiber never sets the Strict-Transport-Security HSTS response header, even when HSTSMaxAge is explicitly configured, because the condition check at helmet.go:67 uses c.Protocol — which returns the HTTP protocol version string e.g., "HTTP/1.1", "HTTP/2.0" —...

4.8CVSS5.9AI score0.00207EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added last week7 views

Cleartext Transmission of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information due to the incorrect protocol check in the helmet middleware, which fails to set the Strict-Transport-Security header even when configured. An attacker can intercept and manipulate network...

6.3CVSS6AI score0.00207EPSS
Exploits0References2
Snyk
Snyk
added last week6 views

Cleartext Transmission of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information due to the incorrect protocol check in the helmet middleware, which fails to set the Strict-Transport-Security header even when configured. An attacker can intercept and manipulate network...

6.3CVSS6AI score0.00207EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:2 a.m.6 views

CVE-2026-46584

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

6AI score0.00378EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/06 8:2 a.m.5 views

EUVD-2026-41832

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

3.7CVSS6AI score0.00378EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/06 6:39 a.m.8 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS5.8AI score0.00324EPSS
Exploits0References12
AlpineLinux
AlpineLinux
added 2026/07/03 6:16 a.m.7 views

CVE-2026-8932

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

7.5CVSS6.2AI score0.00368EPSS
Exploits1References3
CVE
CVE
added 2026/07/03 6:16 a.m.19 views

CVE-2026-8932

CVE-2026-8932 : The vulnerability describes incomplete mTLS config matching in libcurl’s connection reuse logic. A previously used TLS client-certificate-related setting (notably the private key) was omitted from the configuration match checks, causing connections in the pool to be reused even wh...

7.5CVSS6.2AI score0.00368EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/07/03 6:14 a.m.8 views

EUVD-2026-41503

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not...

5.9AI score0.0052EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-55950

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Time-of-check Time-of-use TOCTOU race condition vulnerability in Erlang/OTP ssl dtlspacketdemux module allows an unauthenticated remote attacker to crash all...

8.7CVSS6AI score0.00384EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2026/06/30 9:34 p.m.8 views

USN-8487-1: curl vulnerabilities

Andrew Nesbitt discovered that curl could reuse an existing live connection during STARTTLS-based connection upgrades even when the TLS configuration did not match. A remote attacker could possibly use this issue to cause curl to use an unintended TLS configuration. CVE-2026-8286 Muhamad Arga...

9.8CVSS6.1AI score0.0108EPSS
Exploits10
EUVD
EUVD
added 2026/06/30 3:51 p.m.8 views

EUVD-2026-40374

Nightingale n9e before 9.0.0-beta.2 exposes full datasource configurations, including plaintext database passwords, HTTP bearer tokens, HTTP basic-auth passwords, and mTLS client keys, to any authenticated low-privilege Standard role user through POST /api/n9e/datasource/list. The route is...

7.1CVSS5.8AI score0.00238EPSS
Exploits0References5
OSV
OSV
added 2026/06/30 12:0 a.m.5 views

ALSA-2026:33515 Important: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses CVE-2026-42245 ruby/net-imap: ruby: Net::IMAP: IMAP Comman...

7.6CVSS5.9AI score0.00813EPSS
Exploits0References8
OSV
OSV
added 2026/06/25 12:5 p.m.4 views

RLSA-2026:29035 Important: skopeo security update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/x509: golang: Go crypto/x509: Denial of Service...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 7:21 a.m.6 views

Malicious code in subsearch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04245cd013e6aa9edb766cf14249c9dd6abd19d6beb9671c22a1a8bbbff3d511 The package's main entry index.js is the only file of substance and is wrapped in obfuscator.io string-array + RC4 obfuscation that hides every liter...

6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52587

Name of the Vulnerable Software and Affected Versions wolfSSL versions prior to 5.9.1 Description A heap buffer overflow occurs in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The issue stems from an integer truncation when calculating the length of the ACK...

8.8CVSS6AI score0.00385EPSS
Exploits0References8
Rows per page
Query Builder