CVE-2026-57289

Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept network traffic to...

Malicious code in pretie_x1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6308c285cb943f91fc16f7872bce135b8347b827139f5ad0cf8706ba992f104 Package masquerades as the prettier formatter name pretiex1, description "Opinionated code formatter for modern JavaScript and TypeScript.", keywords...

SUSE CVE-2026-42764

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

CVE-2026-40994

Summary: CVE-2026-40994 affects Spring Web Services where Wss4jSecurityInterceptor initializes its BSP flag to disable BSP enforcement on inbound data, weakening protocol-level WS-Security checks. Affected versions: Spring Web Services 5.0.0–5.0.1; 4.1.0–4.1.3; 4.0.0–4.0.18; 3.1.0–3.1.8. Impact (...

Linux Distros Unpatched Vulnerability : CVE-2026-42764

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation...

CVE-2026-41714

Spring AMQP 2.4.x/3.1.x/3.2.x/4.0.x (versions 2.4.0–2.4.17, 3.1.0–3.1.15, 3.2.0–3.2.10, 4.0.0–4.0.3) are affected by CVE-2026-41714. The issue occurs when a broker connection is configured via RabbitConnectionFactoryBean.setUri("amqps://...") without calling setUseSSL(true). This leads to TLS enc...

CVE-2026-42764

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

CVE-2026-42764 NULL Pointer Dereference in QUIC Server Initial Packet Handling

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

CVE-2026-42764

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

CVE-2026-32992

SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials...

CVE-2026-40946

Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience aud claim validation at the library level. This allows tokens issued for unrelate...

CVE-2026-50208

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...

CVE-2026-45574

The CVE affects the epa4all-client Java library (for epa4all / ePA 3.0). Before version 1.2.2, a network-path attacker could present any TLS certificate (self-signed/expired/wrong CN) and intercept SOAP traffic, exposing KVNRs, SMC-B authentication/signing, document content, and credential exchan...

Malicious code in bricks-builder-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ad643457c1104b8f118971a9ee95702f2126a16f33a4ec9dfd8ed21c43fc1eb bricks-builder-mcp is a Model Context Protocol server exposing WordPress/Bricks Builder editing tools page JSON edits, media uploads, custom CSS/JS...

epa4all-client: TLS Certificate Validation Disabled in Production

Impact An attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient identifiers KVNR, SMC-B card operations authentication, signing, document content, and credential...

SUSE CVE-2026-42578

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage method creates headers using...

CVE-2026-44312

CVE-2026-44312 affects the Ruby CSS Parser gem. Prior to 2.1.0 and 1.22.0, the library does not validate HTTPS connections (OpenSSL::SSL::VERIFY_NONE), allowing a MITM attacker to inject/modify CSS content when loading stylesheets over HTTPS. The issue is fixed in 2.1.0 and 1.22.0. Remediation: u...

CVE-2026-42578

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage method creates headers using...

UBUNTU-CVE-2026-42578

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage method creates headers using...

CVE-2026-42578

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage method creates headers using...