111 matches found
curl: OpenSSL TLS 1.2 session resumption accepts expired server certificates in libcurl
Summary: curl's OpenSSL backend can accept a new TLS 1.2 HTTPS connection after the server certificate has expired if the connection resumes a previously cached TLS session. A full handshake made at the same time with the same certificate fails with CURLE_PEER_FAILED_VERIFICATION, but the resumed...
Astra Linux – Vulnerability in Node.js
If the Node.js HTTPS API was used incorrectly, and “undefined” was passed as the “rejectUnauthorized” parameter, no error would be returned, and connections to servers with expired certificates would be accepted...
Siemens APE1808 Improper Certificate Validation (CVE-2026-0228)
An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so. This plugin only works with Tenable.ot. Please visit...
Linux Distros Unpatched Vulnerability : CVE-2026-24122
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires befo...
Improper Certificate Validation
Overview: Affected versions of this package are vulnerable to Improper Certificate Validation due to improper validation of certificate chains during signature verification when transparency log verification is skipped. An attacker can cause acceptance of signatures with expired intermediate...
GHSA-WFQV-66VQ-46RM Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped
Summary: When verifying artifact signatures using a certificate, Cosign first verifies the certificate chain using the leaf certificate's "not before" timestamp and later checks expiry of the leaf certificate using either a signed timestamp provided by the Rekor transparency log or from a timestam...
Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped
Summary: When verifying artifact signatures using a certificate, Cosign first verifies the certificate chain using the leaf certificate's "not before" timestamp and later checks expiry of the leaf certificate using either a signed timestamp provided by the Rekor transparency log or from a timestam...
Cosign trust management vulnerability
Cosign is a container signature, verification, and storage mechanism in the OCI registry of the United States. Versions of Cosign prior to 3.0.4 contained a trust management vulnerability. This vulnerability stemmed from issues with the certificate verification logic, potentially causing the...
CVE-2026-0228
An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so...
CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate
An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so...
CVE-2026-0228
Technical details about CVE-2026-0228 are not publicly provided in the supplied documents. Monitor for updates from Palo Alto Networks or other sources for affected products, impact, and remediation.
Palo Alto Networks PAN-OS security vulnerability
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a security vulnerability in Palo Alto Networks PAN-OS, which stems from improper certificate verification. This vulnerability may allow users to connect to terminal server proxies o...
PT-2026-7631
An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so...
Palo Alto Networks PAN-OS 10.2.x < 10.2.17 / 11.1.x < 11.1.11 / 11.2.x < 11.2.8 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 10.2.x prior to 10.2.17, 11.1.x prior to 11.1.11, or 11.2.x prior to 11.2.8. It is, therefore, affected by a vulnerability. An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server...
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issue: Mozilla Thunderbird is updated to 140.4. changed: Account Hub is now disabled by default for second email account bmo1992027 changed: Flatpak runtime has been updated to Freedesktop SDK 24.08 bmo1952100 fixed: Users could not read mail...
EUVD-2009-2833
Malware in sbrugna...
EUVD-2025-3949
Malicious code in bioql PyPI...