Lucene search
K

4 matches found

OSV
OSV
added 2026/04/17 6:31 a.m.4 views

GHSA-8R5M-3F66-QPR3 HashiCorp Vault has Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS

Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0,...

5.3CVSS5.7AI score0.00332EPSS
Exploits0References3
NVD
NVD
added 2026/04/17 4:16 a.m.28 views

CVE-2026-5052

Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0,...

8.6CVSS0.00332EPSS
Exploits0References1
CVE
CVE
added 2026/04/17 2:55 a.m.254 views

CVE-2026-5052

Vault’s PKI engine ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges, creating potential SSRF and information disclosure against internal targets. The issue affects Vault Community Edition up to 2.0.0 and Vault Enterprise up to 2.0.0, as well as 1.21.5, ...

8.6CVSS5.8AI score0.00332EPSS
Exploits0References1Affected Software1
Malwarebytes
Malwarebytes
added 2022/01/27 9:44 p.m.45 views

Let’s Encrypt to revoke “mis-issued” certificates

If you use a Let’s Encrypt SSL/TLS certificate, you may wish to check your account over the coming days. Revocation is coming, and you’ve only got until tomorrow to figure things out. What’s the deal with free certificates? If you’re running a website, you want to make sure that it’s HTTPs. It...

7.1AI score
Exploits0
Rows per page
Query Builder