|
701
|
7.5 |
HIGH
Network
|
openssl
|
openssl
|
Issue summary: When a partial-chain certificate verification is enabled
together with OCSP response checking for the whole chain, a NULL dereference
will happen if the verified chain does not have a …
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42765
|
2026-06-16 03:14 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
702
|
7.5 |
HIGH
Network
|
openssl
|
openssl
|
Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive
element whose content exceeds 2 gigabytes in length may cause a heap buffer
over-read on 64-bit Unix and Unix-like platfo…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-34180
|
2026-06-16 03:13 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
703
|
7.4 |
HIGH
Network
|
openssl
|
openssl
|
Issue Summary: The PKCS#12 file processing fails to perform sufficient input
validation for files that use Password-Based Message Authentication Code 1
(PBMAC1) integrity mechanism allowing a certifi…
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2026-34181
|
2026-06-16 03:13 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
704
|
9.1 |
CRITICAL
Network
|
openssl
|
openssl
|
Issue Summary: Cryptographic Message Services (CMS) processing fails to perform
sufficient input validation on the cipher and tag length fields of
AuthEnvelopedData containers, leading to various pot…
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2026-34182
|
2026-06-16 03:13 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
705
|
7.5 |
HIGH
Network
|
openssl
|
openssl
|
Issue summary: Remote peer may exhaust heap memory of the QUIC
server or client by flooding it with packets containing PATH_CHALLENGE
frames.
Impact summary: A malicious remote peer can cause an unb…
|
CWE-1325
Improperly Controlled Sequential Memory Allocation
|
CVE-2026-34183
|
2026-06-16 03:12 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
706
|
5.0 |
MEDIUM
Network
|
openssl
|
openssl
|
Issue summary: A malicious server can exploit TLS OCSP stapling by delivering
a crafted response through the status_request extension, triggering a
double-free in the client's certificate verificatio…
|
CWE-415
Double Free
|
CVE-2026-35188
|
2026-06-16 03:12 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
707
|
5.7 |
MEDIUM
Adjacent
|
nuxt
|
nuxt\/rspack-builder
nuxt\/webpack-builder
|
Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder from versions 3.15.4 to before 3.21.7 and 4.0.0 to before 4.4.7, there is an incomplete …
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-49993
|
2026-06-16 03:10 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
708
|
9.8 |
CRITICAL
Network
|
jmespath
|
jmespath
|
jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 ca…
|
CWE-20
CWE-94
CWE-116
Improper Input Validation
Code Injection
Improper Encoding or Escaping of Output
|
CVE-2026-54133
|
2026-06-16 03:09 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
709
|
5.4 |
MEDIUM
Network
|
nuxt
|
nuxt
|
Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo() with external: true generates a server-side HTML redi…
|
CWE-83
Improper Neutralization of Script in Attributes in a Web Page
|
CVE-2026-45669
|
2026-06-16 03:09 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
710
|
5.3 |
MEDIUM
Network
|
nuxt
|
nuxt
nuxt\/nitro-server
|
Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0…
|
CWE-284
CWE-288
Improper Access Control
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-47200
|
2026-06-16 03:09 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
