
31 matches found

CVE
added 2026/06/05 6:10 p.m. | 22 views

CVE-2026-46389

CVE-2026-46389 affects UDS Identity Config (Keycloak integration) used by UDS Core Identity. A logic error in the Keycloak client authenticator named client-kubernetes-secret (shipped by uds-identity-config) in versions 0.11.0–0.26.0 overwrites the submitted client_secret with the mounted Kuberne...

10 CVSS | 5.4 AI score | 0.00054 EPSS
Exploits 0 | References 2
Vulnrichment
added 2026/06/05 6:10 p.m. | 4 views

CVE-2026-46389 UDS Identity Config has a client authentication bypass in `ClientIdAndKubernetesSecretAuthenticator`

UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Identity deployment. In versions 0.11.0 through 0.26.0, a logic error in the client-kubernetes-secret Keycloak client authenticator shipped by uds-identity-config and consume...

10 CVSS | 5.4 AI score | 0.00054 EPSS
Exploits 0 | References 2
AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in erlang

In Erlang/OTP versions prior to 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there was a situation where Client Authentication Bypass occurred in certain client-certification scenarios for SSL, TLS, and DTLS...

9.8 CVSS | 7.3 AI score | 0.002 EPSS
Exploits 0 | References 2
OSV
added 2026/04/14 11:18 a.m. | 2 views

OPENSUSE-SU-2026:20528-1 Security update for Botan

This update for Botan fixes the following issues: - CVE-2026-34582: Fixed a client authentication bypass in TLS 1.3 implementation (bsc#1261880)...

9.1 CVSS | 5.8 AI score | 0.00033 EPSS
Exploits 0 | References 2
RedhatCVE
added 2026/04/08 9:24 a.m. | 1 views

CVE-2026-34582

A flaw was found in Botan, a C++ cryptography library. The TLS 1.3 implementation in Botan allows application data to be processed before the TLS handshake is fully completed. A remote attacker can exploit this by omitting critical client authentication messages, such as the Certificate,...

9.1 CVSS | 5.9 AI score | 0.00033 EPSS
Exploits 0 | References 4
OSV
added 2026/02/23 6:23 p.m. | 6 views

GO-2026-4530 Traefik affected by TLS ClientAuth Bypass on HTTP/3 in github.com/traefik/traefik

Traefik affected by TLS ClientAuth Bypass on HTTP/3 in github.com/traefik/traefik...

5.4 AI score
Exploits 0 | References 1
Github Security Blog
added 2026/02/20 9:14 p.m. | 7 views

Traefik affected by TLS ClientAuth Bypass on HTTP/3

Summary: There is a potential vulnerability in Traefik managing HTTP/3 connections. More details in the CVE-2025-68121. Patches: https://github.com/traefik/traefik/releases/tag/v2.11.37, https://github.com/traefik/traefik/releases/tag/v3.6.8. Workarounds: No workaround. For more information: If you...

10 CVSS | 5.7 AI score | 0.00017 EPSS
Exploits 1 | References 2 | Affected Software 3
Tenable Nessus
added 2026/02/18 12:0 a.m. | 5 views

Apache Tomcat 10.1.0.M1 < 10.1.50 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.1.50. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_10.1.50_security-10 advisory. - Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through...

9.1 CVSS | 7 AI score | 0.00163 EPSS
Exploits 0 | References 6
NVD
added 2025/10/04 3:15 a.m. | 4 views

CVE-2025-9485

The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 6.26.12. This is due to the plugin performing unsafe JWT token processing without verification or validation in the...

9.8 CVSS | 0.00453 EPSS
Exploits 1 | References 3
OpenVAS
added 2025/09/15 12:0 a.m. | 3 views

Erlang/OTP (Erlang OTP) TLS Client Authentication Bypass Vulnerability (GHSA-f7jg-qm7f-ppm8) - Linux

Erlang/OTP (Erlang OTP) is prone to a TLS client authentication bypass vulnerability in the ssl component. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

9.8 CVSS | 6.9 AI score | 0.002 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2025/08/20 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-45160

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty...

9.1 CVSS | 5.8 AI score | 0.00121 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2025/08/18 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-37026

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations...

9.8 CVSS | 8.1 AI score | 0.002 EPSS
Exploits 0 | References 2
F5 Networks
added 2025/05/16 3:50 p.m. | 10 views

K000151390: Erlang/OTP vulnerabilities CVE-2022-37026 and CVE-2025-32433

Security Advisory Description. CVE-2022-37026: In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS. CVE-2025-32433: Erlang/OTP is a set of libraries for the Erlang...

10 CVSS | 8.9 AI score | 0.62606 EPSS
Exploits 36
OSV
added 2023/12/22 11:6 a.m. | 2 views

OESA-2023-1942 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, a...

9.8 CVSS | 7 AI score | 0.002 EPSS
Exploits 0 | References 2
OSV
added 2023/12/15 11:6 a.m. | 2 views

OESA-2023-1912 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, a...

9.8 CVSS | 7 AI score | 0.002 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2023/05/08 12:0 a.m. | 24 views

Ubuntu 20.04 LTS / 22.04 LTS : Erlang vulnerability (USN-6059-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6059-1 advisory. It was discovered that Erlang did not properly implement TLS client certificate validation during the TLS handshake. A remote attacker could use this...

9.8 CVSS | 8.3 AI score | 0.002 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2023/01/23 12:0 a.m. | 23 views

RHEL 8 : Red Hat OpenStack Platform 16.2.4 (erlang) (RHSA-2022:8857)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8857 advisory. Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault...

9.8 CVSS | 8.3 AI score | 0.002 EPSS
Exploits 0 | References 5
RedHat Linux
added 2022/12/07 7:18 p.m. | 2 views

erlang/otp: Client Authentication Bypass

A Client Authentication Bypass was found in Erlang/OTP. This issue occurs in certain client-certification situations for SSL, TLS, and DTLS...

9.8 CVSS | 5.7 AI score | 0.002 EPSS
Exploits 0 | References 7
RedHat Linux
added 2022/12/07 7:18 p.m. | 34 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.4 (erlang) security update

An update for erlang is now available for Red Hat OpenStack Platform 16.2.4 (Train) on Red Hat Enterprise Linux (RHEL) 8.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

9.8 CVSS | 7.4 AI score | 0.002 EPSS
Exploits 0 | References 2
OSV
added 2022/12/06 11:32 p.m. | 6 views

MGASA-2022-0450 Updated erlang packages fix security vulnerability

In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS. CVE-2022-37026...

9.8 CVSS | 9.4 AI score | 0.002 EPSS
Exploits 0 | References 4