Lucene search
K

104 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-8480

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 included, 4.4.0 to 4.8.15 included , 5.0.2 EA to 5.0.5 included A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to...

4.3CVSS0.00087EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-8480 Connection possible to the Administration portal with a revoked certificate

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 included, 4.4.0 to 4.8.15 included , 5.0.2 EA to 5.0.5 included A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to...

4.3CVSS0.00087EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 8:39 a.m.12 views

EUVD-2026-35380

Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connection between an OPC UA client and server using a revoked certificate...

5.6CVSS5.5AI score0.00108EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/06/05 11:44 a.m.65 views

curl: GnuTLS OCSP stapling accepts unrelated SingleResponse (no cert-ID binding)

Summary This report describes a variant of the publicly disclosed curl vulnerability CVE-2020-8286 OCSP stapling verification bypass, found in the GnuTLS TLS backend lib/vtls/gtls.c. The original CVE affected the NSS backend; this variant reproduces the same logical class of defect — accepting...

7.5CVSS6.8AI score0.04575EPSS
Exploits1
OSV
OSV
added 2026/05/27 12:23 p.m.7 views

EEF-CVE-2026-42791 OCSP responder certificate validity period not checked in public_key

Summary Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkeyocsp:verifyresponse/5 and pubkeyocsp:isauthorizedresponder/3 in...

6.3CVSS5.9AI score0.00316EPSS
Exploits0References5
NVD
NVD
added 2026/04/30 6:16 p.m.6 views

CVE-2026-3832

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol OCSP response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabl...

3.7CVSS0.0072EPSS
Exploits1References9
CVE
CVE
added 2026/04/30 5:41 p.m.30 views

CVE-2026-3832

CVE-2026-3832 affects the gnutls library. A logic error in processing multi-record OCSP responses during TLS handshakes can cause a client with OCSP verification enabled to incorrectly accept a revoked server certificate, potentially compromising trust. The available documents describe the vulner...

3.7CVSS5.4AI score0.0072EPSS
Exploits1References9Affected Software4
ATTACKERKB
ATTACKERKB
added 2026/04/30 5:41 p.m.5 views

CVE-2026-3832

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol OCSP response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabl...

3.7CVSS5.4AI score0.0072EPSS
Exploits1References10
Vulnrichment
Vulnrichment
added 2026/04/30 5:41 p.m.10 views

CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol OCSP response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabl...

3.7CVSS5.5AI score0.0072EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.26 views

nginx 1.27.2 < 1.28.3 / 1.29.x < 1.29.7 OCSP Result Bypass

The installed version of nginx is 1.27.2 prior to 1.28.3, or 1.29.x prior to 1.29.7. It is, therefore, affected by the following issue : - NGINX Plus and NGINX Open Source have a vulnerability in the ngxstreamsslmodule module due to the improper handling of revoked certificates when configured wi...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References3
NVD
NVD
added 2026/04/07 1:16 p.m.5 views

CVE-2026-32144

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in publickey:pkixocspvalidate/5 does not verify that a CA-designated responder certificate...

7.6CVSS0.002EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/04/07 12:28 p.m.27 views

CVE-2026-32144 OCSP designated-responder authorization bypass via missing signature verification

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in publickey:pkixocspvalidate/5 does not verify that a CA-designated responder certificate...

7.6CVSS0.002EPSS
Exploits0References6
OSV
OSV
added 2026/03/27 7:10 a.m.5 views

BIT-NGINX-GATEWAY-2026-28755 NGINX ngx_stream_ssl_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxstreamsslmodule module due to the improper handling of revoked certificates when configured with the sslverifyclient on and sslocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the...

5.4CVSS5.9AI score0.00133EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2026/03/24 1:32 p.m.19 views

K000160368: NGINX ngx_stream_ssl_module vulnerability CVE-2026-28755

Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngxstreamsslmodule module due to the improper handling of revoked certificates when configured with the sslverifyclient on and sslocsp on directives, allowing the TLS handshake to succeed even after an OCSP...

5.4CVSS5.8AI score0.00133EPSS
Exploits0Affected Software2
Cvelist
Cvelist
added 2026/03/19 8:37 p.m.25 views

CVE-2026-4428 CRL Distribution Point Scope Check Logic Error in AWS-LC

A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or...

9.1CVSS0.00252EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/03/17 11:36 a.m.6 views

How searching for a VPN could mean handing over your work login details

This blog is about how trying to do the “right thing” can lead you straight into a trap. People searching for a VPN ended up downloading credential-stealing malware. From the victim’s perspective, their trust was exploited at every step: trust in search engines, in familiar logos, in digital...

5.8AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/03/12 5:0 p.m.7 views

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

In this article 1. From search to stolen credentials: Storm-2561 attack chain 2. Defending against credential theft campaigns 3. Microsoft Defender detection and hunting guidance 4. Indicators of compromise In mid-January 2026, Microsoft Defender Experts identified a credential theft campaign tha...

5.9AI score
Exploits0
OSV
OSV
added 2026/03/11 12:32 a.m.2 views

GHSA-J443-WCQQ-XPRH Terraform Provider for SendGrid: TLS Session Resumption Bypasses Certificate Authority Trust Store Modifications in Go

Summary A critical vulnerability has been identified at https://security.snyk.io/package/linux/chainguard:latest/terraform-provider-sendgrid, associated with the underlying Go version. If the server's TLS configuration is mutated between connections — for example, a CA is removed from the trusted...

10CVSS5.7AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.7 views

PT-2026-36154

Name of the Vulnerable Software and Affected Versions gnutls affected versions not specified Description A logic error exists in how the software processes multi-record Online Certificate Status Protocol OCSP responses—a protocol used to check the revocation status of digital certificates. A remo...

9.1CVSS5.8AI score0.00805EPSS
Exploits2References58
Malwarebytes
Malwarebytes
added 2026/02/09 10:51 a.m.5 views

Fake 7-Zip downloads are turning home PCs into proxy nodes

A convincing lookalike of the popular 7-Zip archiver site has been serving a trojanized installer that silently converts victims’ machines into residential proxy nodes—and it has been hiding in plain sight for some time. “I’m so sick to my stomach” A PC builder recently turned to Reddit’s...

5.7AI score
Exploits0
Rows per page
Query Builder