24h | 7d | 30d

CVE-2026-44186

Overview

  • Apache Software Foundation
  • Apache HTTP Server
08 Jun 2026
Published
09 Jun 2026
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the mod_proxy_ftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Statistics

  • 1 Post
Last activity: 11 hours ago

Bluesky

Profile picture fallback
OMO @omo.bsky.social
SIOSセキュリティブログを更新しました。 Apacheの脆弱性(Moderate: CVE-2026-34355, CVE-2026-42535, CVE-2026-43951, CVE-2026-44119, CVE-2026-44186, CVE-2026-49975, Low:複数)と2.4.68リリース #sios_tech #security #vulnerability #セキュリティ #脆弱性 #apache security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-42535

Overview

  • Apache Software Foundation
  • Apache HTTP Server
08 Jun 2026
Published
09 Jun 2026
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue.

Statistics

  • 1 Post
Last activity: 11 hours ago

Bluesky

Profile picture fallback
OMO @omo.bsky.social
SIOSセキュリティブログを更新しました。 Apacheの脆弱性(Moderate: CVE-2026-34355, CVE-2026-42535, CVE-2026-43951, CVE-2026-44119, CVE-2026-44186, CVE-2026-49975, Low:複数)と2.4.68リリース #sios_tech #security #vulnerability #セキュリティ #脆弱性 #apache security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-34355

Overview

  • Apache Software Foundation
  • Apache HTTP Server
08 Jun 2026
Published
08 Jun 2026
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue.

Statistics

  • 1 Post
Last activity: 11 hours ago

Bluesky

Profile picture fallback
OMO @omo.bsky.social
SIOSセキュリティブログを更新しました。 Apacheの脆弱性(Moderate: CVE-2026-34355, CVE-2026-42535, CVE-2026-43951, CVE-2026-44119, CVE-2026-44186, CVE-2026-49975, Low:複数)と2.4.68リリース #sios_tech #security #vulnerability #セキュリティ #脆弱性 #apache security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 11h ago

CVE-2025-15467

Overview

  • OpenSSL
  • OpenSSL
27 Jan 2026
Published
09 Jun 2026
Updated
CVSS
Pending
EPSS
2.89%
KEV

Description

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-064
METTLER TOLEDO: LabX Standard Report on External Component Analysis - v21.3

Multiple vulnerabilities have been discovered in LabX Standard v21.3.22. Most of the vulnerabilities are fixed in LabX Standard v21.4.23. The Vulnerabilities CVE-2025-69419, CVE-2026-0915, CVE-2025-15467 and CVE-2025-58187 are not yet fixed. The fix will be available in the upcoming releases.
CVE-2025-68121, CVE-2018-15727, CVE-2025-15467, CVE-2023-36414, CVE-2024-0056, CVE-2025-68154, CVE-2026-24737, CVE-2021-24112, CVE-2025-58187, CVE-2025-9230, CVE-2025-15281, CVE-2026-21218, CVE-2026-26127, CVE-2026-26130, CVE-2026-0915, CVE-2026-2391, CVE-2026-22036, CVE-2024-43483, CVE-2023-29331, CVE-2025-69419, CVE-2025-46817

certvde.com/en/advisories/vde-

mettler-toledo.csaf-tp.certvde

  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-24737

Overview

  • parallax
  • jsPDF
02 Feb 2026
Published
03 Feb 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.02%
KEV

Description

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim opens the document. The vulnerable API members are AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, and AcroFormRadioButton.appearanceState. The vulnerability has been fixed in jsPDF@4.1.0.

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-064
METTLER TOLEDO: LabX Standard Report on External Component Analysis - v21.3

Multiple vulnerabilities have been discovered in LabX Standard v21.3.22. Most of the vulnerabilities are fixed in LabX Standard v21.4.23. The Vulnerabilities CVE-2025-69419, CVE-2026-0915, CVE-2025-15467 and CVE-2025-58187 are not yet fixed. The fix will be available in the upcoming releases.
CVE-2025-68121, CVE-2018-15727, CVE-2025-15467, CVE-2023-36414, CVE-2024-0056, CVE-2025-68154, CVE-2026-24737, CVE-2021-24112, CVE-2025-58187, CVE-2025-9230, CVE-2025-15281, CVE-2026-21218, CVE-2026-26127, CVE-2026-26130, CVE-2026-0915, CVE-2026-2391, CVE-2026-22036, CVE-2024-43483, CVE-2023-29331, CVE-2025-69419, CVE-2025-46817

certvde.com/en/advisories/vde-

mettler-toledo.csaf-tp.certvde

  • 0
  • 0
  • 0
  • 13h ago

CVE-2023-36414

Overview

  • Microsoft
  • Azure Identity SDK for .NET
10 Oct 2023
Published
14 Apr 2025
Updated
CVSS v3.1
HIGH (8.8)
EPSS
2.46%
KEV

Description

Azure Identity SDK Remote Code Execution Vulnerability

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-064
METTLER TOLEDO: LabX Standard Report on External Component Analysis - v21.3

Multiple vulnerabilities have been discovered in LabX Standard v21.3.22. Most of the vulnerabilities are fixed in LabX Standard v21.4.23. The Vulnerabilities CVE-2025-69419, CVE-2026-0915, CVE-2025-15467 and CVE-2025-58187 are not yet fixed. The fix will be available in the upcoming releases.
CVE-2025-68121, CVE-2018-15727, CVE-2025-15467, CVE-2023-36414, CVE-2024-0056, CVE-2025-68154, CVE-2026-24737, CVE-2021-24112, CVE-2025-58187, CVE-2025-9230, CVE-2025-15281, CVE-2026-21218, CVE-2026-26127, CVE-2026-26130, CVE-2026-0915, CVE-2026-2391, CVE-2026-22036, CVE-2024-43483, CVE-2023-29331, CVE-2025-69419, CVE-2025-46817

certvde.com/en/advisories/vde-

mettler-toledo.csaf-tp.certvde

  • 0
  • 0
  • 0
  • 13h ago

CVE-2025-68121

Overview

  • Go standard library
  • crypto/tls
  • crypto/tls
05 Feb 2026
Published
29 Apr 2026
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-064
METTLER TOLEDO: LabX Standard Report on External Component Analysis - v21.3

Multiple vulnerabilities have been discovered in LabX Standard v21.3.22. Most of the vulnerabilities are fixed in LabX Standard v21.4.23. The Vulnerabilities CVE-2025-69419, CVE-2026-0915, CVE-2025-15467 and CVE-2025-58187 are not yet fixed. The fix will be available in the upcoming releases.
CVE-2025-68121, CVE-2018-15727, CVE-2025-15467, CVE-2023-36414, CVE-2024-0056, CVE-2025-68154, CVE-2026-24737, CVE-2021-24112, CVE-2025-58187, CVE-2025-9230, CVE-2025-15281, CVE-2026-21218, CVE-2026-26127, CVE-2026-26130, CVE-2026-0915, CVE-2026-2391, CVE-2026-22036, CVE-2024-43483, CVE-2023-29331, CVE-2025-69419, CVE-2025-46817

certvde.com/en/advisories/vde-

mettler-toledo.csaf-tp.certvde

  • 0
  • 0
  • 0
  • 13h ago

CVE-2025-68154

Overview

  • sebhildebrandt
  • systeminformation
16 Dec 2025
Published
17 Dec 2025
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.05%
KEV

Description

systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command injection on Windows systems. The optional `drive` parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this function. The actual exploitability depends on how applications use this function. If an application does not pass user-controlled input to `fsSize()`, it is not vulnerable. Version 5.27.14 contains a patch.

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-064
METTLER TOLEDO: LabX Standard Report on External Component Analysis - v21.3

Multiple vulnerabilities have been discovered in LabX Standard v21.3.22. Most of the vulnerabilities are fixed in LabX Standard v21.4.23. The Vulnerabilities CVE-2025-69419, CVE-2026-0915, CVE-2025-15467 and CVE-2025-58187 are not yet fixed. The fix will be available in the upcoming releases.
CVE-2025-68121, CVE-2018-15727, CVE-2025-15467, CVE-2023-36414, CVE-2024-0056, CVE-2025-68154, CVE-2026-24737, CVE-2021-24112, CVE-2025-58187, CVE-2025-9230, CVE-2025-15281, CVE-2026-21218, CVE-2026-26127, CVE-2026-26130, CVE-2026-0915, CVE-2026-2391, CVE-2026-22036, CVE-2024-43483, CVE-2023-29331, CVE-2025-69419, CVE-2025-46817

certvde.com/en/advisories/vde-

mettler-toledo.csaf-tp.certvde

  • 0
  • 0
  • 0
  • 13h ago

CVE-2025-58187

Overview

  • Go standard library
  • crypto/x509
  • crypto/x509
29 Oct 2025
Published
20 Nov 2025
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-064
METTLER TOLEDO: LabX Standard Report on External Component Analysis - v21.3

Multiple vulnerabilities have been discovered in LabX Standard v21.3.22. Most of the vulnerabilities are fixed in LabX Standard v21.4.23. The Vulnerabilities CVE-2025-69419, CVE-2026-0915, CVE-2025-15467 and CVE-2025-58187 are not yet fixed. The fix will be available in the upcoming releases.
CVE-2025-68121, CVE-2018-15727, CVE-2025-15467, CVE-2023-36414, CVE-2024-0056, CVE-2025-68154, CVE-2026-24737, CVE-2021-24112, CVE-2025-58187, CVE-2025-9230, CVE-2025-15281, CVE-2026-21218, CVE-2026-26127, CVE-2026-26130, CVE-2026-0915, CVE-2026-2391, CVE-2026-22036, CVE-2024-43483, CVE-2023-29331, CVE-2025-69419, CVE-2025-46817

certvde.com/en/advisories/vde-

mettler-toledo.csaf-tp.certvde

  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-22036

Overview

  • nodejs
  • undici
14 Jan 2026
Published
22 Jan 2026
Updated
CVSS v3.1
MEDIUM (5.9)
EPSS
0.02%
KEV

Description

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This vulnerability is fixed in 7.18.0 and 6.23.0.

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-064
METTLER TOLEDO: LabX Standard Report on External Component Analysis - v21.3

Multiple vulnerabilities have been discovered in LabX Standard v21.3.22. Most of the vulnerabilities are fixed in LabX Standard v21.4.23. The Vulnerabilities CVE-2025-69419, CVE-2026-0915, CVE-2025-15467 and CVE-2025-58187 are not yet fixed. The fix will be available in the upcoming releases.
CVE-2025-68121, CVE-2018-15727, CVE-2025-15467, CVE-2023-36414, CVE-2024-0056, CVE-2025-68154, CVE-2026-24737, CVE-2021-24112, CVE-2025-58187, CVE-2025-9230, CVE-2025-15281, CVE-2026-21218, CVE-2026-26127, CVE-2026-26130, CVE-2026-0915, CVE-2026-2391, CVE-2026-22036, CVE-2024-43483, CVE-2023-29331, CVE-2025-69419, CVE-2025-46817

certvde.com/en/advisories/vde-

mettler-toledo.csaf-tp.certvde

  • 0
  • 0
  • 0
  • 13h ago
Showing 71 to 80 of 94 CVEs