CVE-2026-47107

Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...

CVE-2026-10584

Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS. To remediate this issue, users should upgrade to Graph Explorer...

EUVD-2026-34011

Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS. To remediate this issue, users should upgrade to Graph Explorer...

CVE-2026-10584

Graph Explorer before 3.0.1 uses an HTTP fallback when certificate files are missing, exposing potential interception of HTTPS requests. The vulnerability affects the proxy component of Graph Explorer and can lead to disclosure of sensitive information. The recommended remediations are to upgrade...

CVE-2026-44167

phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc. This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52...

GHSA-2F25-PFQ3-C7H8 Phpseclib needs guardrails on large binaryfield integers

Impact Anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc Patches https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f Workarounds No. References...

CVE-2026-4482

The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems users have read and execute access. For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any...

CVE-2026-4482 Insight Agent Private Key Information Disclosure via Inherited File Permissions

The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems users have read and execute access. For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any...

CVE-2026-4482 Insight Agent Private Key Information Disclosure via Inherited File Permissions

The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems users have read and execute access. For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any...

CVE-2026-39364

A flaw was found in Vite, a frontend tooling framework for JavaScript. On the Vite development server, a remote attacker could exploit this vulnerability by appending specific query parameters, such as ?raw, to requests. This allows the attacker to bypass security restrictions and retrieve...

CVE-2025-41763 Unchecked role in wwwdnload.cgi

A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files...

PT-2026-24033

A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files...

CVE-2026-27586

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...

CVE-2025-68721

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint page=sslcerts. This allows the...

How to Manually Change the VSA Host Management Certificate

Purpose This article documents the procedure for updating the Host Management Certificate used by the VSA Veeam Software Appliance. Note: The ability to update the certificate via the VSA Host Management Console may be added in a future version; however, as of version 13.0, it must be completed b...

PT-2026-21768

Name of the Vulnerable Software and Affected Versions Caddy versions prior to 2.11.1 Description Caddy, an extensible server platform that uses TLS by default, has an issue where mTLS client certificate authentication can silently fail open under certain conditions. Specifically, if a CA...

CVE-2025-63729

An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO3.7L3.1.02-240517 allowing attackers to exctract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format in firmware in etc folder...

EUVD-2007-5438

Malware in sbrugna...

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.

...

SUSE CVE-2025-23048

In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when modssl is configured for multiple virtual hosts, with each restricted to a different set of...