250 matches found
CVE-2026-55605
DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of @arikusi/deepseek-mcp-server exposes POST /mcp without any authentication: createMcpExpressApp is called without an authProvider and no middleware guards t...
CVE-2026-55605
DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of @arikusi/deepseek-mcp-server exposes POST /mcp without any authentication: createMcpExpressApp is called without an authProvider and no middleware guards t...
CVE-2026-55964
Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...
DEBIAN-CVE-2026-55964
Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...
UBUNTU-CVE-2026-55964
Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...
EUVD-2026-39544
Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...
CVE-2026-55964 Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA (temporary CA exemption)
Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...
CVE-2026-55964
Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...
CVE-2026-55964
CVE-2026-55964 describes a change in certificate path validation affecting OpenSSL-compatibility path building (X509_verify_cert / X509_STORE). Previously, chain-supplied temporary CAs (WOLFSSL_TEMP_CA) could be accepted as signing CAs even if the intermediate CA had CA:TRUE but lacked keyCertSig...
CVE-2026-55964
Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...
PT-2026-52573
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description An issue exists where chain intermediate certificates asserting CA:TRUE but lacking the keyCertSign key usage were accepted as signing CAs. This occurs because chain-supplied temporary CAs...
USN-8447-3 google-guest-agent vulnerabilities
USN-8447-1 fixed vulnerabilities in Go Cryptography. This update provides the corresponding updates for Go Cryptography code embedded in Google Guest Agent. Original advisory details: It was discovered that Go Cryptography did not properly handle SSH global request responses. A remote attacker...
USN-8447-3: Google Guest Agent vulnerabilities
USN-8447-1 fixed vulnerabilities in Go Cryptography. This update provides the corresponding updates for Go Cryptography code embedded in Google Guest Agent. Original advisory details: It was discovered that Go Cryptography did not properly handle SSH global request responses. A remote attacker...
python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens
A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys JWK in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...
EUVD-2026-36765
In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client when doing client authentication, which allows impersonation with certificates that are not meant for client authentication because of KeyUsage and ExtendedKeyUsage...
EUVD-2026-36764
In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication because of KeyUsage and ExtendedKeyUsage...
CVE-2026-45388
In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication because of KeyUsage and ExtendedKeyUsage...
CVE-2026-45389
In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client when doing client authentication, which allows impersonation with certificates that are not meant for client authentication because of KeyUsage and ExtendedKeyUsage...
CVE-2026-45389
In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client when doing client authentication, which allows impersonation with certificates that are not meant for client authentication because of KeyUsage and ExtendedKeyUsage...
CVE-2026-45389
In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client when doing client authentication, which allows impersonation with certificates that are not meant for client authentication because of KeyUsage and ExtendedKeyUsage...