CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 4 days ago•24 views

CVE-2026-10592 Wildcard DNS SAN bypasses CA name-constraint checks

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS0.00124EPSS

Exploits0References2

RedHat Linux•added 4 days ago•6 views

gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName DNS or rfc822Name email constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

7.4CVSS5.8AI score0.0052EPSS

Exploits1References5

RedHat Linux•added 2026/06/16 4:53 p.m.•5 views

gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison

7.4CVSS5.2AI score0.0052EPSS

Exploits1References5

Tenable Nessus•added 2026/06/08 12:0 a.m.•11 views

TencentOS Server 4: gnutls (TSSA-2026:0431)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0431 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

8.2CVSS5.6AI score0.00388EPSS

OSV•added 2026/06/05 5:44 a.m.•9 views

BIT-GOLANG-2026-27145 Inefficient candidate hostname parsing in crypto/x509

x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...

6.5CVSS5.6AI score0.00561EPSS

Exploits0References5

SUSE CVE•added 2026/06/04 2:27 a.m.•9 views

SUSE CVE-2026-27145

3.3CVSS5.9AI score0.00561EPSS

Exploits0References7

EUVD•added 2026/06/03 12:30 a.m.•13 views

EUVD-2026-34038

5.9AI score0.00561EPSS

Exploits0References5

Tenable Nessus•added 2026/06/03 12:0 a.m.•16 views

Linux Distros Unpatched Vulnerability : CVE-2026-27145

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, . t...

6.5CVSS5.7AI score0.00561EPSS

OSV•added 2026/06/02 11:16 p.m.•7 views

DEBIAN-CVE-2026-27145

6.5CVSS5.9AI score0.00561EPSS

Vulnrichment•added 2026/06/02 10:1 p.m.•8 views

CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509

5.9AI score0.00561EPSS

Exploits0References4

CVE•added 2026/06/02 10:1 p.m.•88 views

CVE-2026-27145

The CVE-2026-27145 issue affects the Go standard library’s crypto/x509 VerifyHostname path, where VerifyHostname previously calls matchHostnames in a loop over all DNS SAN entries. This design causes strings.Split(host, ".") to run repeatedly on the same input, leading to a quadratic increase in ...

6.5CVSS5.9AI score0.00561EPSS

Exploits0References4

ATTACKERKB•added 2026/06/02 10:1 p.m.•7 views

CVE-2026-27145

5.9AI score0.00561EPSS

Exploits0References5Affected Software1

SUSE CVE•added 2026/05/28 3:58 a.m.•13 views

SUSE CVE-2026-42790

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeycert and publickey modules allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...

7.6CVSS5.8AI score0.00231EPSS

SUSE Linux•added 2026/05/27 7:58 a.m.•8 views

Security update for gnutls

This update for gnutls fixes the following issues CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive bsc1263707. CVE-2026-5260: lib/pkcs11privkey: guard against overreading on short ciphertexts bsc1263715. CVE-2026-33845: buffers: switch from endoffset over to fraglength...

8.8CVSS5.8AI score0.01227EPSS

Exploits1References44

FreeBSD•added 2026/05/27 12:0 a.m.•49 views

Erlang/OTP -- TLS hostname verification bypass via Subject CommonName fallback and name constraints

https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447 reports: Erlang/OTP's TLS hostname verification implements a legacy RFC 6125 fallback that checks the Subject CommonName when the Subject Alternative Name SAN extension is absent, rather than following RFC 9525 which requires...

8.1CVSS5.8AI score0.00231EPSS

OSV•added 2026/05/26 10:16 p.m.•7 views

ALPINE-CVE-2026-42013

A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name SAN could cause the validation process to incorrectly fall back to checking the Common Name CN field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to...

EUVD•added 2026/05/26 9:29 p.m.•11 views

EUVD-2026-32011

ATTACKERKB•added 2026/05/26 9:29 p.m.•10 views

CVE-2026-42013

CVE•added 2026/05/26 9:29 p.m.•51 views

Exploits0References11

CVE-2026-42013

CVE-2026-42013 affects GnuTLS. An oversized Subject Alternative Name (SAN) could cause cert validation to fall back to CN, enabling potential MITM/spoofing. OpenSUSE, Debian, Ubuntu, and OSV advisories indicate patched releases (e.g., OpenSUSE Leap 16.0 patch; Debian gnutls28 3.7.1-5+deb11u10; Ub...