An attacker can bypass restrictions of OpenStack Keystone, via Disabled Backend Account, in order to gain user privileges.

An attacker can force a NULL pointer to be dereferenced on OpenSSL, via PKCS7_digest_from_attributes(), in order to trigger a denial of service, identified by CVE-2026-22796.

An attacker can use malicious data on OpenSSL, via PKCS#12 Parsing ASN1_TYPE Validation, in order to deceive the victim, identified by CVE-2026-22795.

An attacker can force a NULL pointer to be dereferenced on OpenSSL, via PKCS12_item_decrypt_d2i_ex(), in order to trigger a denial of service, identified by CVE-2025-69421.

An attacker can force a read at an invalid memory address of OpenSSL, via TS_RESP_verify_response(), in order to trigger a denial of service, or to obtain sensitive information, identified by...

CVE-2026-3055 targets Citrix NetScaler with active reconnaissance, risking data leaks on SAML IDP setups.

An attacker can bypass access restrictions to data of OpenSSL, via Low-level OCB Function, in order to read sensitive information, identified by CVE-2025-69418.

An attacker can use malicious data on OpenSSL, via dgst Input Truncation, in order to deceive the victim, identified by CVE-2025-15469.

An attacker can force a NULL pointer to be dereferenced on OpenSSL, via SSL_CIPHER_find(), in order to trigger a denial of service, identified by CVE-2025-15468.

An attacker can trigger a buffer overflow of OpenSSL, via CMS AuthEnvelopedData Parsing, in order to trigger a denial of service, and possibly to run code, identified by CVE-2025-15467.

An unauthenticated remote code execution flaw (CVE-2025-53521) in F5's BIG-IP Access Policy Manager (APM) is under active exploitation.

JFrog Security Research vient de mettre au jour une faille majeure affectant la bibliothèque PyPI de telnyx, un SDK essentiel utilisé par les développeurs pour intégrer des agents vocaux IA et des...

An attacker can trigger a buffer overflow of OpenSSL, via PKCS#12 PBMAC1 Parameters, in order to trigger a denial of service, and possibly to run code, identified by CVE-2025-11187.

An attacker can bypass restrictions of Grafana, via Cross-dashboard, in order to escalate his privileges, identified by CVE-2026-21721.