CVE-2026-44213

The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...

OpenTelemetry Collector Contrib 信任管理问题漏洞

OpenTelemetry Collector Contrib is an extensible telemetry data collection component library developed by OpenTelemetry - CNCF. Versions of OpenTelemetry Collector Contrib prior to 1.1.0 contained a trust management vulnerability. This vulnerability stemmed from the lack of validation of HTTPS/TL...

PT-2026-42527

Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobile login.inc.php by setting CURLOPT SSL VERIFYPEER to false and not setting CURLOPT SSL VERIFYHOST when issuing outbound HTTPS requests for outbound HTTPS requests issued during the mobile RouteMate login flow. A...

tickets 信任管理问题漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the disabling of TLS certificate verification in the ajax/reports.php file...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfsmatchclient If the TLS security policy is of type RPCXPRTSECTLSX509, then the certserial and privkeyserial fields also need to match, as they define the client’s identity, as presented ...

RHCOS 4 : OpenShift Container Platform 4.18.42 (RHSA-2026:17446)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17446 advisory. - golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 - golang: net/url: Memory exhaustion in quer...

RHCOS 4 : OpenShift Container Platform 4.17.54 (RHSA-2026:17595)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17595 advisory. - golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 - golang: net/url: Memory exhaustion in quer...

CVE-2026-44363

MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...

lemur 注入漏洞

Lemur is an open-source TLS certificate management tool developed by Netflix, Inc. Versions of Lemur prior to 1.9.0 contained a injection vulnerability. This vulnerability stemmed from the LDAP authentication module using uncleaned user input to construct LDAP search filters, which could lead to...

GHSA-WFR5-454P-MJC2 OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured

Summary The OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the INSTANAENDPOINTPROXY environment variable. If a network attacker can Man-in-the-Middle MitM the...

RHCOS 4 : OpenShift Container Platform 4.6.42 (RHSA-2021:3009)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3009 advisory. - golang: net: lookup functions may return invalid host names CVE-2021-33195 - golang: net/http/httputil: ReverseProxy forwards...

RHCOS 4 : OpenShift Container Platform 4.8.9 (RHSA-2021:3248)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3248 advisory. - golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header CVE-2021-31525 - golang: net: lookup...

Astra Linux - уязвимость в firefox

If a user visited a webpage with an invalid TLS certificate and granted an exception, the webpage was able to present a WebAuthn challenge that the user was prompted to complete. This violates the WebAuthN specification, which requires a secure transport connection without errors. This...

RHCOS 4 : OpenShift Container Platform 4.18.37 (RHSA-2026:6552)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6552 advisory. - crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption CVE-2025-68121 Note that Nessus has not tested for...

CVE-2025-10539 Improper TLS Certificate Validation RCE via Malicious Update in DeskTime Time Tracking App

Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the...

SUSE-SU-2026:21181-1 Security update for nodejs24

This update for nodejs24 fixes the following issues: Update to version 24.14.1. Security issues fixed: - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716:...

CVE-2026-4370 Improper TLS Client/Server authentication and certificate verification on Database Cluster

A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client...

Fortinet FortiManager Lack of TLS Certificate Validation during initial SSO Authentication (FG-IR-26-078)

The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-078 advisory. - A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 throu...

PT-2026-24011

Name of the Vulnerable Software and Affected Versions Taipower APP affected versions not specified Description The Taipower APP developed by Taipower exhibits an Improper Certificate Validation issue. The application does not properly validate server-side TLS/SSL certificates when establishing an...

CVE-2025-40896 Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...