CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/19 7:36 p.m.•4 views

GHSA-GX7W-56W6-G48X Caddy: Remote Admin Authorization Bypass on PKI Endpoints via Prefix-Based Path Matching

AI Disclosure I used an LLM to help review the source code, reason about attack surface, and help draft and refine this report. I manually validated the finding by reproducing it locally, confirming the vulnerable code path, and verifying the HTTP behavior with curl -v. Summary Caddy's remote adm...

4.3CVSS5.8AI score

Exploits0References2

Fedora•added 2026/05/19 4:1 p.m.•8 views

[SECURITY] Fedora 43 Update: rust-rpki-0.18.6-4.fc43

A library for validating and creating RPKI data...

9.8CVSS5.8AI score0.00158EPSS

RedHat Linux•added 2026/05/14 4:55 p.m.•7 views

bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...

6.3CVSS7.1AI score0.00013EPSS

Fedora•added 2026/05/12 1:32 a.m.•7 views

[SECURITY] Fedora 43 Update: nss-3.122.2-1.fc43

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

5.8AI score

RedHat Linux•added 2026/05/06 5:59 p.m.•5 views

bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

RedHat Linux•added 2026/05/05 3:47 a.m.•9 views

bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

RedHat Linux•added 2026/05/05 3:47 a.m.•5 views

bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

IBM Security Bulletins•added 2026/05/04 2:26 p.m.•2 views

Security Bulletin: Vulnerability in Elasticsearch PKI realm affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Elasticsearch PKI realm has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional...

7.4CVSS5.7AI score0.00038EPSS

Exploits0Affected Software2

EUVD•added 2026/04/30 5:33 a.m.•3 views

EUVD-2026-26330

RPKI-Router protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

5.5CVSS5.2AI score0.00015EPSS

Exploits1References2

Fedora•added 2026/04/25 1:58 a.m.•4 views

[SECURITY] Fedora 44 Update: rpki-client-9.8-1.fc44

The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure RPKI for Relying Parties RP to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...

5.4AI score

RedhatCVE•added 2026/04/17 10:34 p.m.•2 views

CVE-2026-5052

A flaw was found in Vault’s PKI engine. The ACME Automated Certificate Management Environment validation process did not properly restrict requests to local network targets when handling http-01 and tls-alpn-01 challenges. This vulnerability, known as Server-Side Request Forgery SSRF, could allow...

8.6CVSS5.6AI score0.00021EPSS

Exploits0References4

ATTACKERKB•added 2026/04/17 2:55 a.m.•2 views

CVE-2026-5052

Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0,...

5.3CVSS5.8AI score0.00021EPSS

Exploits0References2Affected Software2

CNNVD•added 2026/04/17 12:0 a.m.•5 views

HashiCorp Vault和HashiCorp Vault Enterprise 安全漏洞

HashiCorp Vault and HashiCorp Vault Enterprise are products developed by HashiCorp, a company based in the United States. HashiCorp Vault is a private key access management tool. HashiCorp Vault Enterprise is an enterprise information archiving platform. There were security vulnerabilities in...

8.6CVSS5.8AI score0.00021EPSS

Exploits0References2

Snyk•added 2026/04/15 10:13 a.m.•2 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

9.2CVSS5.7AI score0.00013EPSS

Exploits0References3

Vulnrichment•added 2026/04/15 9:6 a.m.•0 views

CVE-2026-5588 PKIX draft CompositeVerifier accepts empty signature sequence as valid.

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All pkix modules, Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All pkix modules. This vulnerability...