Lucene search
K

7446 matches found

RedHat Linux
RedHat Linux
added yesterday1 views

crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application

A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...

8.8CVSS6.1AI score0.0034EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added yesterday1 views

crypto/x509: Incorrect enforcement of email constraints in crypto/x509

A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly...

7.5CVSS6.9AI score0.00606EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added yesterday2 views

crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service DoS for...

7.5CVSS6.1AI score0.00349EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added yesterday2 views

Important: Red Hat Security Advisory: Red Hat OpenStack Services on OpenShift 18.0 (golang-github-openstack-k8s-operators-os-diff) security update

An update for golang-github-openstack-k8s-operators-os-diff is now available for Red Hat OpenStack Services on OpenShift 18.0 Antelope. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

8.8CVSS6.8AI score0.00813EPSS
Exploits2References11
NVD
NVD
added yesterday7 views

CVE-2026-13385

An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middleMITM user to make the router download and execute arbitrary command via a spoofed server. Refer to the ' Security Update for ASUS Router Firmware '...

9.5CVSS0.00103EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-13385

An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middleMITM user to make the router download and execute arbitrary command via a spoofed server. Refer to the ' Security Update for ASUS Router Firmware '...

9.5CVSS0.00103EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-13385

The CVE-2026-13385 entry affects certain ASUS router models. It covers an vulnerability path where an attacker can perform a remote MITM to cause the device to download and execute arbitrary commands via a spoofed server, due to improper validation of the integrity check value and improper certif...

9.5CVSS6.3AI score0.00103EPSS
Exploits0References1
EUVD
EUVD
added yesterday7 views

EUVD-2026-44590

An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middleMITM user to make the router download and execute arbitrary command via a spoofed server. Refer to the ' Security Update for ASUS Router Firmware '...

9.5CVSS6.3AI score0.00103EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2 days ago6 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-44981 DESCRIPTION: Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer...

9.1CVSS7.5AI score0.02667EPSS
Exploits2Affected Software1
NVD
NVD
added 2 days ago6 views

CVE-2026-62657

A security flaw in the router's certificate validation process was discovered in the NETGEAR XR1000 Gaming Router and certain Nighthawk models that could allow an unauthorized person to remotely access and take control of the device...

7.6CVSS0.001EPSS
Exploits0References5
NVD
NVD
added 2 days ago3 views

CVE-2026-50302

Improper certificate validation in Windows Cryptographic Services allows an unauthorized attacker to bypass a security feature over a network...

4.2CVSS0.0024EPSS
Exploits0References1
CVE
CVE
added 2 days ago5 views

CVE-2026-62657

CVE-2026-62657 concerns a certificate validation flaw in NETGEAR XR1000 Gaming Router and certain Nighthawk models. The issue could allow an unauthenticated attacker to remotely access and take control of the device due to weaknesses in certificate validation. The sources identify affected device...

7.6CVSS6.1AI score0.001EPSS
Exploits0References5
NVD
NVD
added 2 days ago4 views

CVE-2026-55001

Improper certificate validation in Windows Active Directory allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00219EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-47632

Improper certificate validation in Azure Monitor Agent allows an unauthorized attacker to elevate privileges over an adjacent network...

8.8CVSS0.0032EPSS
Exploits0References1
CVE
CVE
added 2 days ago4 views

CVE-2026-47632

Azure Monitor Agent Metrics Extension is affected by CVE-2026-47632 due to improper certificate validation, enabling elevation of privileges for an unauthenticated attacker on an adjacent network. Exploitation details are not provided in the connected documents. CVSSv3.1 base score 8.8 (High): AV...

8.8CVSS6.1AI score0.0032EPSS
Exploits0References1
CVE
CVE
added 2 days ago6 views

CVE-2026-55001

CVE-2026-55001 affects Windows Active Directory / Active Directory Domain Services. The root cause is improper certificate validation within AD, enabling an authorized attacker to achieve local privilege escalation. CVSS 3.1 base score 7.8 (Local, Low complexity, Privileges Required: Low; User In...

7.8CVSS6AI score0.00219EPSS
Exploits0References1
CVE
CVE
added 2 days ago17 views

CVE-2026-59836

Fortinet FortiClientEMS suffers an improper certificate validation vulnerability affecting FortiClientEMS 7.4.3–7.4.5, 7.4.0–7.4.1, and FortiClientEMS 7.2 (all versions in that line). Root cause is improper certificate validation; impact is information disclosure with high confidentiality and int...

9.8CVSS6.1AI score0.00124EPSS
Exploits0References1Affected Software1
Microsoft CVE
Microsoft CVE
added 2 days ago10 views

Windows Cryptographic Services Security Feature Bypass Vulnerability

Improper certificate validation in Windows Cryptographic Services allows an unauthorized attacker to bypass a security feature over a network...

4.2CVSS6.1AI score0.0024EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2 days ago5 views

Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability

Improper certificate validation in Azure Monitor Agent allows an unauthorized attacker to elevate privileges over an adjacent network...

8.8CVSS6.1AI score0.0032EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2 days ago5 views

Active Directory Domain Services Elevation of Privilege Vulnerability

Improper certificate validation in Windows Active Directory allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score0.00219EPSS
Exploits0
Rows per page
Query Builder