CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

41 matches found

CVE-2026-6091

Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL...

6CVSS

Exploits0References2

Cvelist•added yesterday•5 views

CVE-2026-6091 Partial-chain verification accepts untrusted intermediate as trust anchor

6CVSS

Exploits0References2

ATTACKERKB•added yesterday•3 views

CVE-2026-6091

6CVSS5.9AI score

Exploits0References3Affected Software1

CVE•added yesterday•6 views

CVE-2026-6091

Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. The vulnerability affects the wolfSSL OpenSSL compatibility certificate-path-building path (wolfSSL_X509_verify_cert / X509_STORE, OPENSSL_E...

6CVSS5.9AI score

Exploits0References2

EUVD•added yesterday•4 views

EUVD-2026-39486

6CVSS5.9AI score

Exploits0References2

Tenable Nessus•added 2026/06/10 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-42765

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen...

7.5CVSS5.6AI score0.00419EPSS

Exploits0References2

EUVD•added 2026/06/09 6:30 p.m.•10 views

EUVD-2026-35482

Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a self-signed trusted anchor, crashing the process. Impact summary: A NULL pointer dereference can...

7.5CVSS5.6AI score0.00419EPSS

Exploits0References4

NVD•added 2026/06/09 5:17 p.m.•7 views

CVE-2026-42765

7.5CVSS0.00419EPSS

Exploits0References3

Debian CVE•added 2026/06/09 4:3 p.m.•7 views

CVE-2026-42765

7.5CVSS5.5AI score0.00419EPSS

Exploits0

Cvelist•added 2026/06/09 4:3 p.m.•30 views

CVE-2026-42765 NULL Dereference in Certificate Verification with OCSP Checking

0.00419EPSS

Exploits0References3

Vulnrichment•added 2026/06/09 4:3 p.m.•9 views

CVE-2026-42765 NULL Dereference in Certificate Verification with OCSP Checking

5.6AI score0.00419EPSS

Exploits0References3

CVE•added 2026/06/09 4:3 p.m.•22 views

CVE-2026-42765

CVE-2026-42765 describes a NULL dereference in certificate verification when OCSP response checking is enabled together with partial-chain verification. The issue triggers a crash (Denial of Service) if the verified chain lacks a self-signed trusted anchor, because for the last certificate the is...

7.5CVSS5.6AI score0.00419EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/06/09 12:0 a.m.•10 views

PT-2026-47835

5.6AI score0.00419EPSS

Exploits0References4

OSV•added 2026/05/04 1:12 p.m.•4 views

JLSEC-2026-429 When doing TLS related transfers with reused easy or multi handles and altering the ...

When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPTNOPARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcur...

5.3CVSS6AI score0.00679EPSS

Exploits0References5

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux - уязвимость в curl

When performing TLS-related transfers using reused easy or multi-handles, and altering the CURLSSLOPTNOPARTIALCHAIN option, libcurl may accidentally reuse a CA store cached in memory, where the partial chain option is reversed. This goes against the user’s wishes and expectations. As a result,...

5.3CVSS6AI score0.00679EPSS

Exploits0References1

OSV•added 2026/01/23 12:22 p.m.•9 views

OESA-2026-1195 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an...

5.3CVSS5.6AI score0.00679EPSS

Exploits3References5

Tenable Nessus•added 2026/01/19 12:0 a.m.•8 views

libcurl 7.87.0 < 8.18.0 OpenSSL partial chain store policy bypass (CVE-2025-14819)

The version of libcurl installed on the remote host is missing a security update. It is, therefore, affected by a improper certificate validation vulnerability. - When performing TLS transfers with reused easy or multi handles and altering the CURLSSLOPTNOPARTIALCHAIN option, libcurl could...

5.3CVSS6.9AI score0.00679EPSS

Exploits0References2

RedhatCVE•added 2026/01/18 11:20 a.m.•6 views

CVE-2025-14819

5.3CVSS6.6AI score0.00679EPSS

Exploits0References1

Snyk•added 2026/01/08 10:45 a.m.•2 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the handling of TLS transfers when reusing easy or multi handles and modifying the CURLSSLOPTNOPARTIALCHAIN option. An attacker can cause the application to accept an unintended trust chain by exploiti...

6.8CVSS5.8AI score0.00679EPSS

Exploits0References2

NVD•added 2026/01/08 10:15 a.m.•6 views

CVE-2025-14819

5.3CVSS0.00679EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by