GHSA-J2Q8-XX3Q-8FQH Apache Storm's Improper Handling of TLS Client Authentication Failure Leads to Anonymous Principal Assignment

Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication the default configuration, the...

PT-2026-35414

Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication the default configuration, the...

CVE-2026-6264

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

CVE-2026-6264 Critical Security fix for the Talend JobServer and Talend Runtime

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

CVE-2026-6264

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

CVE-2026-6264 Critical Security fix for the Talend JobServer and Talend Runtime

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

PT-2026-32590

Name of the Vulnerable Software and Affected Versions Talend JobServer affected versions not specified Talend Runtime versions prior to R2024-07-RT Description Unauthenticated remote code execution is possible via the JMX monitoring port. Recommendations Require TLS client authentication for the...

CVE-2026-33248 NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

EUVD-2023-44814

Malicious code in bioql PyPI...

EUVD-2022-7098

Malicious code in bioql PyPI...

TencentOS Server 2: python (TSSA-2023:0275)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0275 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

TencentOS Server 3: python3 (TSSA-2023:0260)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0260 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 2: python3 (TSSA-2023:0270)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0270 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

TencentOS Server 3: python3.11 (TSSA-2023:0241)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0241 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Amazon Linux 2 : python (ALAS-2025-2816)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2816 advisory. Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows...

Medium: python

Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

Internet Bug Bounty: TLS client authentication can be bypassed due to ticket resumption

The TLS client authentication can be bypassed due to ticket resumption. The issue was that TLS session tickets were not properly isolated for multiple virtual hosts in one server. This allowed a ticket issued for one virtual host to be resumed at a different virtual host, circumventing client...

golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to...

F5 Networks BIG-IP : Python vulnerability (K000139685)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139685 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11....

EulerOS Virtualization 3.0.6.6 : python (EulerOS-SA-2024-1663)

According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A use-after-free exists in Python through 3.9 via heappushpop in heapq. CVE-2022-48560 - An XML External Entity XXE issue was...