CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 6 days ago•8 views

CVE-2026-46579

7.4CVSS5.7AI score0.00038EPSS

CVE•added 6 days ago•10 views

CVE-2026-46579

OpenShift Router flaw: when Route.insecureEdgeTerminationPolicy is Allow, the HTTP frontend does not strip X-SSL-Client-* headers, enabling an unauthenticated attacker to craft requests that bypass mutual TLS authentication by impersonating client certificate identities. Affected component: OpenS...

7.4CVSS5.7AI score0.00038EPSS

Tenable Nessus•added 2026/05/28 12:0 a.m.•5 views

IBM HTTP Server 8.5.0.0 < 8.5.5.30 / 9.0.0.0 < 9.0.5.29 Multiple Vulnerabilities (7274065)

The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities: - IBM HTTP Server is vulnerable to denial of service and a potential remote code execution due to improper input validation. CVE-2026-9170 - IBM HTTP Server is vulnerable to remote code execution an...

9.8CVSS6.7AI score0.00286EPSS

Exploits1References10

EUVD•added 2026/05/26 4:58 p.m.•5 views

EUVD-2026-31905

IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication client authentication...

9.8CVSS6.5AI score0.00286EPSS

Exploits0References1

RedHat Linux•added 2026/05/26 12:55 p.m.•8 views

Apache Tomcat: Apache Tomcat: Authentication bypass via client certificate misconfiguration

A flaw was found in Apache Tomcat where OCSP-based certificate validation may incorrectly soft-fail during CLIENTCERT authentication, even when soft-fail is disabled, under certain FFM-related execution paths. This can result in client certificates being accepted despite failed or unverifiable...

6.5CVSS5.9AI score0.00149EPSS

Exploits0References5

SUSE CVE•added 2026/05/13 2:53 p.m.•7 views

SUSE CVE-2024-37082

When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications. You are affected if you have route-services enabled in routing-release and have...

9.1CVSS5.8AI score0.0004EPSS

Github Security Blog•added 2026/05/04 7:8 p.m.•3 views

Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots

Summary Broken TLS validation logic in the OVN database connection logic could allow connections to an attacker's OVN database. OVN uses mTLS for authentication, so the attacker cannot actually perform a full man in the middle attack as they won't be able to authenticated with the real OVN...

4.8CVSS5.8AI score0.00011EPSS

Exploits1References7Affected Software1

GithubExploit•added 2026/04/23 5:26 p.m.•140 views

Exploit for Improper Authentication in Apache Tomcat

CVE-2026-29145 Testing Environment 📌 Overview This reposi...

9.1CVSS5.8AI score0.00028EPSS

Exploits1

CVE•added 2026/04/21 9:14 p.m.•5 views

CVE-2026-40944

Summary: CVE-2026-40944 affects Oxia, a metadata store and coordination system. Before 0.16.2, the TLS trustedCertPool() configuration only loads the first PEM block from CA bundles; when multiple certificates (e.g., intermediate + root) are present, the chain is not fully validated for mTLS. Thi...

6.9CVSS5.8AI score0.00033EPSS

Exploits0References1

Positive Technologies•added 2026/04/21 12:0 a.m.•2 views

PT-2026-34188

Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates e.g., intermediate + root CA, only the first certificate is loaded...

6.9CVSS5.8AI score0.00033EPSS

Veracode•added 2026/04/15 6:19 a.m.•5 views

Improper Authentication And Authorization

kubevirt.io/kubevirt is vulnerable to improper authentication and authorization. The vulnerability is due to improper validation of the Common Name CN field in client TLS certificates during mTLS authentication, which allows an attacker to bypass RBAC controls by impersonating the Kubernetes API...

4.7CVSS6.8AI score0.0002EPSS

Exploits1References4Affected Software1

OSV•added 2026/04/07 6:31 p.m.•1 views

GHSA-QXPC-96FQ-WWMG Apache Cassandra is vulnerable to privilege escalation in an mTLS environment using MutualTlsAuthenticator

Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via ADD IDENTITY. Users are...

EUVD•added 2026/04/07 6:31 p.m.•1 views

Exploits0References6

EUVD-2026-19761

NVD•added 2026/04/07 5:16 p.m.•2 views

CVE-2026-27314

8.8CVSS0.00037EPSS

ATTACKERKB•added 2026/04/07 4:33 p.m.•3 views

CVE-2026-27314

Exploits0References2Affected Software1

Cvelist•added 2026/04/07 4:33 p.m.•12 views

CVE-2026-27314 Apache Cassandra: Privilege escalation via ADD IDENTITY authorization bypass

0.00037EPSS

Exploits0References1

CVE•added 2026/04/07 4:33 p.m.•4 views

CVE-2026-27314

CVE-2026-27314 affects Apache Cassandra 5.0 in an mTLS environment using MutualTlsAuthenticator. A user with only CREATE permission can bind their certificate identity to an arbitrary role, including a superuser role, and authenticate as that role via ADD IDENTITY . The root cause is an authoriza...

Exploits0References2Affected Software1

CNNVD•added 2026/04/07 12:0 a.m.•2 views

Apache Cassandra 安全漏洞

Apache Cassandra is a distributed NOSQL database developed by the Apache Foundation in the United States. Version 5.0 of Apache Cassandra contains a security vulnerability. This vulnerability stems from improper permission allocation when using MutualTlsAuthenticator in an mTLS environment, which...

8.8CVSS5.8AI score0.00037EPSS