| 251 | 4.3 | MEDIUM | Adjacent | envoyproxy | envoy | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header generator emits TLVs beyond the … | New | CWE-130 | Improper Handling of Length Parameter Inconsistency | CVE-2026-47692 | 2026-06-28 05:09 | 2026-06-27 |
| 252 | 5.3 | MEDIUM | Network | wolfssl | wolfssl | The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier… | New | CWE-120 CWE-787 | Classic Buffer Overflow Out-of-bounds Write | CVE-2026-6681 | 2026-06-28 05:02 | 2026-06-26 |
| 253 | 7.5 | HIGH | Network | wolfssl | wolfssl | X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted. | New | CWE-295 | Improper Certificate Validation | CVE-2026-6731 | 2026-06-28 05:02 | 2026-06-26 |
| 254 | 5.3 | MEDIUM | Network | wolfssl | wolfssl | OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status o… | New | CWE-295 | Improper Certificate Validation | CVE-2026-10098 | 2026-06-28 05:01 | 2026-06-26 |
| 255 | 7.5 | HIGH | Network | wolfssl | wolfssl | Missing SNI/ALPN binding on stateful (session-ID) resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI… | New | CWE-287 NVD-CWE-noinfo | Improper Authentication | CVE-2026-11703 | 2026-06-28 04:59 | 2026-06-26 |
| 256 | 6.5 | MEDIUM | Network | wolfssl | wolfssl | TLS 1.3 post-handshake authentication (PHA) issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth e… | New | CWE-287 NVD-CWE-noinfo | Improper Authentication | CVE-2026-55962 | 2026-06-28 04:57 | 2026-06-26 |
| 257 | 5.3 | MEDIUM | Network | wolfssl | wolfssl | When HAVE_ENCRYPT_THEN_MAC is configured, the implementation could fall back to MAC-then-Encrypt rather than enforcing Encrypt-then-MAC. | New | CWE-757 | Algorithm Downgrade | CVE-2026-6092 | 2026-06-28 04:55 | 2026-06-26 |
| 258 | 7.5 | HIGH | Network | wolfssl | wolfssl | Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer. | New | CWE-787 | Out-of-bounds Write | CVE-2026-6325 | 2026-06-28 04:51 | 2026-06-26 |
| 259 | 6.5 | MEDIUM | Network | wolfssl | wolfssl | PKCS#12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS#12 verify path compared the loc… | New | CWE-347 | Improper Verification of Cryptographic Signature | CVE-2026-6329 | 2026-06-28 04:51 | 2026-06-26 |
| 260 | 6.5 | MEDIUM | Network | wolfssl | wolfssl | The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The consta… | New | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm | CVE-2026-6330 | 2026-06-28 04:50 | 2026-06-26 |