Lucene search
K

60 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.8 views

Siemens SIMATIC S7-1500 TM MFP Use After Free (CVE-2026-28387)

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

8.1CVSS7.6AI score0.00631EPSS
Exploits0References4
OSV
OSV
added 2026/06/12 12:25 p.m.6 views

OESA-2026-2621 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may resul...

8.1CVSS9AI score0.00885EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 12:25 p.m.6 views

OESA-2026-2620 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may resul...

8.1CVSS9AI score0.00885EPSS
Exploits0References3
OSV
OSV
added 2026/04/27 6:33 p.m.6 views

JLSEC-2026-272

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

8.1CVSS6.2AI score0.00631EPSS
Exploits0References6
OSV
OSV
added 2026/04/25 5:49 a.m.8 views

OESA-2026-2045 openssl security update

Security Fixes: Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of...

8.1CVSS6.5AI score0.00885EPSS
Exploits0References5
OSV
OSV
added 2026/04/25 5:49 a.m.10 views

OESA-2026-2043 openssl security update

Security Fixes: Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of...

9.8CVSS6.8AI score0.00981EPSS
Exploits0References7
OSV
OSV
added 2026/04/25 5:49 a.m.10 views

OESA-2026-2042 openssl security update

Security Fixes: Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of...

9.8CVSS6.8AI score0.00981EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/04/07 11:27 p.m.5 views

SUSE CVE-2026-28387

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

6.5CVSS6.2AI score0.00631EPSS
Exploits0References19
NVD
NVD
added 2026/04/07 10:16 p.m.5 views

CVE-2026-28387

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

8.1CVSS0.00631EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/07 10:0 p.m.3 views

CVE-2026-28387 Potential Use-after-free in DANE Client Code

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

6.2AI score0.00631EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/04/07 10:0 p.m.11 views

CVE-2026-28387

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

8.1CVSS6.3AI score0.00631EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/07 10:0 p.m.27 views

CVE-2026-28387 Potential Use-after-free in DANE Client Code

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

0.00631EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.8 views

mod_gnutls 信任管理问题漏洞

modgnutls is a GnuTLS-based TLS module for Apache HTTPD developed by Airtower developers. Versions of modgnutls prior to 0.13.0 had a trust management vulnerability. This vulnerability stemmed from the lack of checking extended key usages during client certificate verification, which could lead t...

6.8CVSS5.8AI score0.00205EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000753)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000753 advisory. Multiple heap-based buffer overflows in the hiddevioctlusage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a...

7.8CVSS6.9AI score0.00462EPSS
Exploits0References33
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-44635

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.002EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-28007

Malicious code in bioql PyPI...

2.3CVSS6.3AI score0.00196EPSS
Exploits0References4
Veracode
Veracode
added 2025/09/05 9:32 a.m.5 views

Reflected Cross-Site Scripting (Reflected XSS)

com.liferay, com.liferay.layout.taglib is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper sanitization of user input in the content page's name field, which allows an attacker to inject and execute malicious JavaScript code when a user views the "document Vi...

5.4CVSS6.7AI score0.00196EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/20 12:19 p.m.17 views

CVE-2025-43733

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is then reflected and executed within the user...

2.3CVSS5.7AI score0.00196EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/08/18 3:30 p.m.8 views

Liferay Portal Vulnerable to Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is then reflected and executed within the user...

5.4CVSS5.6AI score0.00196EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/08/18 3:30 p.m.5 views

GHSA-VHCR-HGC8-29QR Liferay Portal Vulnerable to Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is then reflected and executed within the user...

2.3CVSS5.6AI score0.00196EPSS
Exploits0References5
Rows per page
Query Builder