Lucene search
K

31 matches found

CVE
CVE
added 2026/07/03 6:16 a.m.18 views

CVE-2026-8932

CVE-2026-8932 : The vulnerability describes incomplete mTLS config matching in libcurl’s connection reuse logic. A previously used TLS client-certificate-related setting (notably the private key) was omitted from the configuration match checks, causing connections in the pool to be reused even wh...

7.5CVSS6.2AI score0.00368EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/07/03 6:16 a.m.5 views

CVE-2026-8932

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

7.5CVSS6.2AI score0.00368EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/30 3:51 p.m.8 views

EUVD-2026-40374

Nightingale n9e before 9.0.0-beta.2 exposes full datasource configurations, including plaintext database passwords, HTTP bearer tokens, HTTP basic-auth passwords, and mTLS client keys, to any authenticated low-privilege Standard role user through POST /api/n9e/datasource/list. The route is...

7.1CVSS5.8AI score0.00238EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 8:16 p.m.7 views

CVE-2026-48491

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard...

10CVSS0.00245EPSS
Exploits1References5
OSV
OSV
added 2026/06/18 5:22 p.m.8 views

GHSA-GFJ5-979R-92PW @acastellon/auth: Authentication bypass via spoofable headers in validateToken()

@acastellon/auth v2.2.0 appears to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for auth-user: service-brother when req.get'host'.startsWithgetHostName. Both...

9.3CVSS5.5AI score0.00543EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/03 12:19 p.m.11 views

CVE-2026-42789

A flaw was found in Erlang OTP's publickey module. This vulnerability CWE-295, related to improper certificate validation, allows a non-Certificate Authority CA certificate to be accepted as an intermediate issuer. A remote attacker, holding an end-entity certificate issued by a trusted CA, can...

8CVSS5.8AI score0.00322EPSS
Exploits0References9
Hacker One
Hacker One
added 2026/05/13 9:34 p.m.7 views

curl: CVE-2026-8932: incomplete mTLS config matching in conn reuse

Hi all, This report and my multiple subsequent ones may come as a surprise, as I was assured that curl now had zero vulnerabilities in it. Nonetheless, I think the CVE-2022-27782 fix "TLS and SSH connection too eager reuse", commit f18af4f874 2022-05-09, "tls: check more TLS details for connectio...

7.5CVSS6.6AI score0.02596EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2026/04/14 11:15 p.m.7 views

Oxia's TLS CA certificate chain validation fails with multi-certificate PEM bundles

Summary The trustedCertPool function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates e.g., intermediate + root CA, only the first certificate is loaded. This silently breaks certificate chain validation for mTLS...

6.9CVSS5.8AI score0.0016EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/27 11:39 a.m.3 views

BIT-ETCD-2026-33343 etcd: Nested etcd transactions bypass RBAC authorization checks

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...

6.5CVSS5.9AI score0.0021EPSS
Exploits0References2
OSV
OSV
added 2026/03/26 8:33 p.m.4 views

GO-2026-4723 Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports in github.com/bishopfox/sliver

Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports in github.com/bishopfox/sliver...

7.1CVSS5.9AI score0.00298EPSS
Exploits1References3
OSV
OSV
added 2026/03/26 8:33 p.m.5 views

GO-2026-4828 NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching in github.com/nats-io/nats-server

NATS has mTLS verifyandmap authentication bypass via incorrect Subject DN matching in github.com/nats-io/nats-server...

4.2CVSS5.9AI score0.00143EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/26 8:33 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the mTLS or WireGuard transports. An attacker can cause the process to consume excessive memory and potentially crash by sending specially crafted authenticated requests that...

7.1CVSS6.4AI score0.00298EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/25 8:18 p.m.25 views

CVE-2026-33248 NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

4.2CVSS0.00143EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/03/25 8:18 p.m.9 views

CVE-2026-33248

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

4.2CVSS6.1AI score0.00143EPSS
Exploits0
OSV
OSV
added 2026/03/24 9:51 p.m.6 views

GHSA-3F24-PCVM-5JQC NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. One authentication model supported is mTLS, deriving the NATS client identity from properties of the TLS Client Certificate. Problem...

4.2CVSS5.8AI score0.00143EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.9 views

Traefik 安全漏洞

Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions of Traefik such as 2.11.40, 3.0.0-beta1 to 3.6.11, and 3.7.0-ea.1 contain security vulnerabilities. These vulnerabilities stem from issues with the TLS SNI pre-sniffing logic, which may allow for...

7.8CVSS6.4AI score0.00405EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.7 views

PT-2026-1769

Name of the Vulnerable Software and Affected Versions wolfssl-py versions up to and including 5.8.2 Description A flaw exists in the handling of verify mode = CERT REQUIRED within the wolfssl Python package wolfssl-py. The absence of the WOLFSSL VERIFY FAIL IF NO PEER CERT flag causes the softwar...

9.3CVSS6.5AI score0.00272EPSS
Exploits0References16
Veracode
Veracode
added 2025/11/24 4:53 a.m.7 views

Improper Authentication

Akka.NET is vulnerable to improper authentication. The vulnerability is due to the lack of mutual TLS enforcement in Akka.Remote, which allows an attacker to connect to a TLS-enabled cluster without presenting a valid client certificate and thereby communicate with the cluster...

9.3CVSS6.9AI score0.00374EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2025/11/07 6:38 p.m.4 views

CVE-2025-64432 KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer

KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...

4.7CVSS6.9AI score0.00139EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/11/06 9:12 a.m.8 views

CVE-2025-55108

The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled i.e. in the default configuration. NOTE: The vendor believes that this vulnerability only occurs when...

10CVSS7.9AI score0.00786EPSS
Exploits0References1
Rows per page
Query Builder