Lucene search
+L

608 matches found

RedHat Linux
RedHat Linux
added 2 days ago6 views

undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy

A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier URI, it silently ignores Transport Layer Security TLS options, such as custom Certificate Authorities CAs. This allows a remote attacker to perform a Man-in-the-Middle MITM attack,...

7.4CVSS6.8AI score0.00476EPSS
Exploits0References6
Circl
Circl
added 3 days ago5 views

CVE-2026-55052

creationtimestamp| type| source ---|---|--- 2026-07-14 19:00:53+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0237 2026-07-14 22:03:13+00:00| seen| https://www.thezdi.com/blog/2026/7/14/the-july-2026-security-update-review 2026-07-15 01:00:47+00:00| seen|...

8.8CVSS4.8AI score0.00538EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/06 2:47 p.m.5 views

undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy

A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier URI, it silently ignores Transport Layer Security TLS options, such as custom Certificate Authorities CAs. This allows a remote attacker to perform a Man-in-the-Middle MITM attack,...

7.4CVSS7AI score0.00476EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-53022

Name of the Vulnerable Software and Affected Versions Nebula Mesh affected versions not specified Description The web UI /ui/ fails to apply per-operator Certificate Authority CA scoping. This allows any authenticated non-admin operator to access, block, or delete resources belonging to other...

8.8CVSS6AI score
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/25 7:30 p.m.7 views

CVE-2026-55964

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...

6.3CVSS5.8AI score0.00118EPSS
Exploits0
CVE
CVE
added 2026/06/25 7:30 p.m.20 views

CVE-2026-55964

CVE-2026-55964 describes a change in certificate path validation affecting OpenSSL-compatibility path building (X509_verify_cert / X509_STORE). Previously, chain-supplied temporary CAs (WOLFSSL_TEMP_CA) could be accepted as signing CAs even if the intermediate CA had CA:TRUE but lacked keyCertSig...

6.3CVSS5.9AI score0.00118EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52643

Name of the Vulnerable Software and Affected Versions Lemur affected versions not specified Description An authorization bypass exists in the StrictRolePermission and AuthorityCreatorPermission classes within lemur/auth/permissions.py. When the configuration flags LEMUR STRICT ROLE ENFORCEMENT an...

8.8CVSS6AI score0.00035EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50517

Name of the Vulnerable Software and Affected Versions undici versions 7.23.0 through 7.27.x undici versions 8.0.0 through 8.4.x Description The ProxyAgent in undici silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. This causes the target HTTPS...

7.4CVSS5.8AI score0.00476EPSS
Exploits0References71
Circl
Circl
added 2026/06/16 9:0 p.m.11 views

CVE-2026-35286

creationtimestamp| type| source ---|---|--- 2026-06-16 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1923 2026-06-17 05:31:59+00:00| seen| https://www.acn.gov.it/portale/w/critical-patch-update-di-oracle-8 2026-06-18 07:37:07+00:00| seen|...

9.8CVSS4.9AI score0.00483EPSS
Exploits0References3
OSV
OSV
added 2026/06/11 12:41 a.m.17 views

CLEANSTART-2026-OK35650 During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succ...

Multiple security vulnerabilities affect the rancher-agent package. During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed...

9.8CVSS5.5AI score0.00765EPSS
Exploits1References5
HackRead
HackRead
added 2026/06/10 8:53 p.m.13 views

FBI Seizes China-Linked Fake Consulting Sites Targeting US Clearance Holders

The Justice Department and FBI seized 13 fake consulting websites that officials say targeted US clearance holders with paid research work designed to obtain sensitive government information...

5.5AI score
Exploits0
EUVD
EUVD
added 2026/06/09 8:39 a.m.13 views

EUVD-2026-35380

Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connection between an OPC UA client and server using a revoked certificate...

5.6CVSS5.5AI score0.00108EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/08 11:2 p.m.15 views

Netty has Insufficient Bailiwick Validation for NS Records

Summary Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name server for a subdomain can poison the cache for parent domains like .co.uk. Details In...

10CVSS5.5AI score0.00292EPSS
Exploits0References13Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.11 views

CVE-2026-42790

A flaw was found in Erlang OTP publickey. This improper certificate validation vulnerability allows a subordinate Certificate Authority CA with restricted DNS nameConstraints to bypass these restrictions. By issuing a leaf certificate that lacks a Subject Alternative Name SAN but contains a craft...

8.1CVSS5.8AI score0.00338EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/06/02 10:15 p.m.9 views

OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option

A flaw was found in OpenSSH. This vulnerability arises from the incorrect handling of the authorizedkeys principals option in uncommon scenarios. Specifically, when a principals list is used with a Certificate Authority that includes comma characters, OpenSSH may misinterpret the input. This coul...

8.1CVSS5.9AI score0.00176EPSS
Exploits0References7
Packet Storm News
Packet Storm News
added 2026/05/30 12:0 a.m.13 views

GCVE: A Decentralized Model for Vulnerability Identification, Publication, and Operational Enrichment

The Global CVE initiative GCVE proposes a decentralized, open, and extensible model for vulnerability identification, publication, and enrichment. It addresses a gap in today's vulnerability ecosystem: centralized systems provide rigorous control and widely recognized identifiers, while many...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/05/28 6:25 p.m.12 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the logging of the entire unmarshaled configuration map at INFO level to /var/log/calico/cni/cni.log during each CNI ADD and DEL invocation. An attacker can obtain sensitive...

7.7CVSS5.8AI score0.00323EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

Tigera Calico 安全漏洞

Tigera Calico is an open-source network security solution developed by the American company Tigera, designed for container, virtual machine, and host workloads. Tigera Calico has a security vulnerability, which stems from the Azure IPAM plugin recording unencrypted configuration mappings in logs...

6CVSS5.8AI score0.00323EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.13 views

Erlang/OTP 安全漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by node.js’s built-in APIs. Erlang/OTP has a security vulnerability, which stems from improper trust in the certificate chain within the publickey module. This allows non-CA...

7CVSS5.8AI score0.0033EPSS
Exploits0References6
OSV
OSV
added 2026/05/26 12:0 a.m.5 views

CVE-2026-48697

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tlsclient mode and calls setdefaultverifypaths to load CA certificates, but never calls...

7.4CVSS6AI score0.00164EPSS
Exploits0References5
Rows per page
Query Builder