CVE search results

111 – 120 of 37592 results

Detailed view

Sort by:

Status is adjusted based on your filters.

CVE-2026-41840

Medium priority

Needs evaluation

Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

1 affected package

libspring-java

Package	24.04 LTS
libspring-java	Needs evaluation

CVE-2026-41839

Medium priority

Needs evaluation

A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected...

1 affected package

libspring-java

Package	24.04 LTS
libspring-java	Needs evaluation

CVE-2026-41838

Medium priority

Needs evaluation

IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0...

1 affected package

libspring-java

Package	24.04 LTS
libspring-java	Needs evaluation

CVE-2026-35188

Medium priority

Not affected

Double-free When Checking OCSP Stapled Response

5 affected packages

openssl, openssl-fips, openssl1.0, nodejs, edk2

Package	24.04 LTS
openssl	Not affected
openssl-fips	Not affected
openssl1.0	Not in release
nodejs	Not affected
edk2	Not affected

CVE-2026-34356

Medium priority

Needs evaluation

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie* This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to...

1 affected package

apache2

Package	24.04 LTS
apache2	Needs evaluation

CVE-2026-34355

Medium priority

Needs evaluation

A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue.

1 affected package

apache2

Package	24.04 LTS
apache2	Needs evaluation

CVE-2026-34183

Medium priority

Not affected

Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

5 affected packages

openssl, openssl-fips, openssl1.0, nodejs, edk2

Package	24.04 LTS
openssl	Not affected
openssl-fips	Not affected
openssl1.0	Not in release
nodejs	Not affected
edk2	Not affected

CVE-2026-34182

Medium priority

Some fixes available 1 of 2

CMS AuthEnvelopedData Processing May Accept Forged Messages

5 affected packages

openssl, openssl-fips, openssl1.0, nodejs, edk2

Package	24.04 LTS
openssl	Fixed
openssl-fips	Not in release
openssl1.0	Not in release
nodejs	Not affected
edk2	Needs evaluation

CVE-2026-34181

Low priority

Not affected

PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

5 affected packages

openssl, openssl-fips, openssl1.0, nodejs, edk2

Package	24.04 LTS
openssl	Not affected
openssl-fips	Not affected
openssl1.0	Not in release
nodejs	Not affected
edk2	Not affected

CVE-2026-34180

Low priority

Some fixes available 1 of 2

Heap Buffer Over-read in ASN.1 Content Parsing

5 affected packages

openssl, openssl-fips, openssl1.0, nodejs, edk2

Package	24.04 LTS
openssl	Fixed
openssl-fips	Not in release
openssl1.0	Not in release
nodejs	Not affected
edk2	Needs evaluation

Export to JSON

Results by page:

Search CVE reports