Lucene search
K

519 matches found

Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-54291 Silent channel-binding authentication downgrade via unsupported certificate algorithms

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS0.00251EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/29 8:10 a.m.9 views

EUVD-2026-40054

Eclipse tinydtls before commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 contains an out-of-bounds read vulnerability in the checkservercertificate function that allows unauthenticated attackers to trigger reads beyond valid buffer boundaries by crafting a Certificate handshake message with a...

6.9CVSS6AI score0.00173EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 10:17 p.m.3 views

UBUNTU-CVE-2026-55962

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6.5CVSS5.8AI score0.00143EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 8:17 p.m.4 views

DEBIAN-CVE-2026-55960

Un-negotiated Raw Public Key RFC 7250 accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer...

7.5CVSS5.8AI score0.00145EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52572

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where an un-negotiated Raw Public Key RPK, as defined in RFC 7250, is accepted instead of an X.509 certificate, allowing the bypass of chain...

8.2CVSS5.7AI score0.00145EPSS
Exploits0References5
NVD
NVD
added 2026/06/16 12:16 a.m.9 views

CVE-2026-9259

Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

9.8CVSS0.00195EPSS
Exploits0References4
CVE
CVE
added 2026/06/15 12:0 a.m.14 views

CVE-2026-45388

CVE-2026-45388 affects OCaml-TLS before 2.1.0. The TLS 1.3 client path in handshake_client13.ml did not wire into validate_keyusage, allowing a certificate issued for non-server purposes (e.g., clientAuth, codeSigning, emailProtection) to impersonate a TLS server if the EKU/KeyUsage restrictions ...

9.1CVSS5.2AI score0.00225EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/13 6:30 p.m.6 views

EUVD-2026-30042

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.8AI score0.0011EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 6:30 p.m.20 views

EUVD-2026-29931

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it fails to detect OCSP problems and instead wrongly consider the response as fine...

5.3CVSS5.8AI score0.00267EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

curl 安全漏洞

curl is an open-source tool developed by cURL for transferring data from or to a server. There is a security vulnerability in curl, which stems from a failure in OCSP binding detection. This failure may lead to an incorrect assumption that the server’s certificate is valid...

5.3CVSS5.8AI score0.00267EPSS
Exploits1References1
OSV
OSV
added 2026/04/29 9:16 p.m.6 views

UBUNTU-CVE-2026-1858

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.8AI score0.00155EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/04/29 8:15 p.m.6 views

CVE-2026-1858

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.8AI score0.00155EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.6 views

PT-2026-35897

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description When using the Certificate Status Request TLS extension, commonly known as OCSP stapling, to verify server certificate validity, the software fails to detect OCSP problems and incorrectly treats...

5.2AI score0.00267EPSS
Exploits1References9
OSV
OSV
added 2026/04/27 6:33 p.m.7 views

JLSEC-2026-272

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

8.1CVSS6.2AI score0.00631EPSS
Exploits0References6
OSV
OSV
added 2026/04/10 7:20 p.m.4 views

GHSA-C3H3-89QF-JQM5 LXD: Update of type field in restricted TLS certificate allows privilege escalation to cluster admin

Summary A restricted TLS certificate user can escalate to cluster admin by changing their certificate type from client to server via PUT/PATCH to /1.0/certificates/fingerprint. The non-admin guard and reset block in doCertificateUpdate fail to validate or reset the Type field, allowing a...

9.1CVSS5.9AI score0.00274EPSS
Exploits1References4
OSV
OSV
added 2026/04/07 10:16 p.m.1 views

DEBIAN-CVE-2026-28387

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

8.1CVSS6.2AI score0.00631EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/09 3:38 a.m.2 views

CVE-2026-3822 Taipower|Taipower APP(Android) - Improper Certificate Validation

Taipower APP for Andorid developed by Taipower has an Improper Certificate Validation vulnerability. When establishing an HTTPS connection with the server, the application fails to verify the server-side TLS/SSL certificate. This flaw allows an unauthenticated remote attackers to exploit the...

8.3CVSS5.9AI score0.00152EPSS
Exploits0References2
CVE
CVE
added 2026/03/09 3:38 a.m.10 views

CVE-2026-3822

Summary: Taipower APP is vulnerable to an improper certificate validation in TLS/SSL. During HTTPS connections, the app does not verify the server’s certificate, enabling an unauthenticated attacker to perform a Man‑in‑the‑Middle (MITM) attack to read and tamper with network traffic. Affected pro...

8.3CVSS5.9AI score0.00152EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/04 3:30 p.m.4 views

EUVD-2025-208269

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...

6.5CVSS5.9AI score0.00111EPSS
Exploits0References2
OSV
OSV
added 2026/03/04 2:16 p.m.2 views

CVE-2025-40896

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...

4.8CVSS5.8AI score0.00111EPSS
Exploits0References1
Rows per page
Query Builder