Lucene search
K

280 matches found

OSV
OSV
added 2026/07/03 7:16 a.m.3 views

ALPINE-CVE-2026-8932

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

7.5CVSS6.2AI score0.00368EPSS
Exploits1References1
NVD
NVD
added 2026/07/03 7:16 a.m.7 views

CVE-2026-8932

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

7.5CVSS0.00368EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/03 6:16 a.m.72 views

CVE-2026-8932 incomplete mTLS config matching in conn reuse

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

0.00368EPSS
Exploits1References3
OSV
OSV
added 2026/07/02 8:32 p.m.4 views

GHSA-RXRH-4J9H-XGG9 Steeltoe: TLS private keys written to /tmp with default permissions, never deleted

Summary When MySQL or PostgreSQL service bindings from VCAPSERVICES include TLS client credentials, the Connectors library writes those credentials to temporary files in Path.GetTempPath using File.CreateText. On Linux, File.CreateText creates files with mode 0644 world-readable under the process...

4.7CVSS5.8AI score0.00065EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-575 wolfSSL Python module vulnerable to Improper Authentication

A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...

9.3CVSS5.7AI score0.00272EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/26 10:39 p.m.9 views

CVE-2026-48928

A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS mutual Transport Layer Security setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive informati...

5.4CVSS5.7AI score0.00256EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 2:16 a.m.4 views

ALPINE-CVE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.4CVSS6.1AI score0.00256EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 8:0 a.m.7 views

CURL-CVE-2026-8932 incomplete mTLS config matching in conn reuse

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

7.5CVSS5.8AI score0.00368EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/24 7:25 a.m.5 views

CVE-2026-53622

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection allows unauthenticated clients to bypass router-specific mutual Transport Layer Security mTLS enforcement. When HTTP/3 is enabled and a router use...

10CVSS5.9AI score0.0024EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51751

Name of the Vulnerable Software and Affected Versions curl versions 7.7 through 8.20.x Description libcurl incorrectly reuses connections from its connection pool when certain mTLS mutual TLS configuration options, specifically those related to the private key, are modified. Because these TLS...

7.5CVSS6.1AI score0.00368EPSS
Exploits1References45
Cvelist
Cvelist
added 2026/06/23 7:13 p.m.38 views

CVE-2026-53622 Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake...

7.8CVSS0.0024EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:13 p.m.37 views

CVE-2026-53622

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake...

7.8CVSS5.9AI score0.0024EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:12 p.m.6 views

CVE-2026-48491

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard...

7.8CVSS5.9AI score0.00245EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/23 7:12 p.m.5 views

CVE-2026-48491

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard...

10CVSS5.8AI score0.00245EPSS
Exploits1References5
Snyk
Snyk
added 2026/06/16 7:2 p.m.4 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SNICheck process. An attacker can gain unauthorized access to protected backends by completing a TLS handshake using a permissive SNI and then sending an HTTP Host header...

10CVSS6AI score0.00245EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/16 7:2 p.m.4 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SNICheck process. An attacker can gain unauthorized access to protected backends by completing a TLS handshake using a permissive SNI and then sending an HTTP Host header...

10CVSS6AI score0.00245EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-50143

Name of the Vulnerable Software and Affected Versions Traefik versions 3.7.0 through 3.7.2 Description An issue in the SNICheck domain-fronting protection allows an unauthenticated client to bypass mutual TLS mTLS enforced through wildcard router TLSOptions. When a router uses a wildcard host rul...

10CVSS5.2AI score0.00245EPSS
Exploits1References12
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/10 4:25 p.m.9 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Publishing affected by a race condition in Eclipse Jersey (CVE-2025-12383)

Summary A critical race condition CVE-2025-12383 has been identified in the Eclipse Jersey client library jersey-client-2.26.jar used by IBM Engineering Lifecycle Optimization - Engineering Publishing. Under high-concurrency conditions, a flaw in the HTTPS client's lazy initialization flow can...

9.4CVSS7.5AI score0.00277EPSS
Exploits0Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.10 views

cve-2026-40995 - MEDIUM - X.509 authentication bypasses Spring Security account checks

cve-2026-40995 - MEDIUM - X.509 authentication bypasses Spring Security account checks...

5.4CVSS6.1AI score0.00148EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.13 views

CVE-2026-44700

Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in...

8.7CVSS5.4AI score0.00255EPSS
Exploits0References1
Rows per page
Query Builder