CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/26 12:0 a.m.•4 views

epa4all-client 信任管理问题漏洞

epa4all-client is an open-source document writing client tool developed by Oviva AG. Versions of epa4all-client prior to version 1.2.2 contained a vulnerability related to trust management. This vulnerability allowed attackers to present arbitrary TLS certificates on the network path and intercep...

8.1CVSS5.9AI score0.00006EPSS

CNNVD•added 2026/05/21 12:0 a.m.•2 views

tickets 信任管理问题漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the disabling of TLS certificate verification in the file...

8.2CVSS5.8AI score0.00022EPSS

Exploits0References4

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в ntfs-3g

An invalid return code in fusekernmount allows for intercepting the libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite...

6.7CVSS7AI score0.00025EPSS

RedhatCVE•added 2026/05/15 7:57 a.m.•1 views

CVE-2026-0249

Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subn...

Positive Technologies•added 2026/05/15 12:0 a.m.•5 views

PT-2026-41395

Name of the Vulnerable Software and Affected Versions epa4all-client versions prior to 1.2.2 Description An attacker positioned on the network path between the ePA service and the Konnektor can present any TLS certificate, such as self-signed, expired, or those with an incorrect Common Name CN, t...

8.1CVSS5.8AI score0.00006EPSS

Exploits0References9

EUVD•added 2026/05/13 9:32 p.m.•2 views

EUVD-2026-30100

NVD•added 2026/05/13 7:16 p.m.•2 views

CVE-2026-0249

7.6CVSS0.00006EPSS

CVE•added 2026/05/13 7:5 p.m.•5 views

CVE-2026-0248

The CVE-2026-0248 entry concerns the Prisma Access Agent for Android and Chrome OS, with an improper certificate validation vulnerability that enables a man-in-the-middle (MitM) on VPN traffic by accepting any domain certificate issued by a trusted CA. Affected: Android and Chrome OS only; not af...

8.6CVSS5.8AI score0.00006EPSS

ATTACKERKB•added 2026/05/13 6:32 p.m.•3 views

CVE-2026-0249

Exploits0References2Affected Software1

Cvelist•added 2026/05/13 6:32 p.m.•21 views

CVE-2026-0249 GlobalProtect App: Certificate Validation Bypass Vulnerabilities

7.6CVSS0.00006EPSS

CVE•added 2026/05/13 6:32 p.m.•5 views

CVE-2026-0249

CVE-2026-0249 describes multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect app. The provided documents state that the GlobalProtect app is not affected on Linux, Windows, iOS, or GlobalProtect UWP, implying that other platforms may be impacted, but th...

CNNVD•added 2026/05/13 12:0 a.m.•4 views

Palo Alto Networks GlobalProtect app 信任管理问题漏洞

The Palo Alto Networks GlobalProtect app is a network protection software developed by Palo Alto Networks. The GlobalProtect app has a trust management vulnerability caused by improper certificate verification. This vulnerability allows attackers to intercept encrypted communications and...

Positive Technologies•added 2026/05/13 12:0 a.m.•5 views

PT-2026-40773

Name of the Vulnerable Software and Affected Versions Palo Alto Networks GlobalProtect app affected versions not specified Description Improper certificate validation allows an attacker to intercept encrypted communications and potentially compromise the endpoint. A local non-administrative...

CNNVD•added 2026/05/01 12:0 a.m.•3 views

Exploits0References4

V2Board 安全漏洞

V2Board is a multi-user proxy service management panel for V2Board open source. A security vulnerability exists in V2Board 1.7.4 and earlier versions that originates from server authentication tokens being transmitted via GET parameters, which could lead to an attacker extracting the token from a...

7.5CVSS5.8AI score0.00056EPSS

Exploits1References1

ATTACKERKB•added 2026/04/28 9:15 p.m.•2 views

CVE-2026-33467

Improper Verification of Cryptographic Signature CWE-347 in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served to a self-hosted registry, to substitute a tampered package without the integrity check failing close...

5.9CVSS5.3AI score0.00018EPSS

Exploits0References2Affected Software1

NVD•added 2026/04/23 10:16 p.m.•1 views

CVE-2026-41342

OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Attackers can spoof discovery endpoints to redirect onboarding toward malicious gateways and capture...

8.1CVSS0.00014EPSS