CVE-2026-12249

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services AD CS certificate auto-enrollment via the vendored Samba client script internal/policies/certificate/python/vendorsamba/gp/gpcertautoenrollext.py, ADSys utilizes a plaintext...

CVE-2026-12249

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services AD CS certificate auto-enrollment via the vendored Samba client script internal/policies/certificate/python/vendorsamba/gp/gpcertautoenrollext.py, ADSys utilizes a plaintext...

CVE-2026-12249

Canonical ADSys upstream versions up to v0.16.2 expose a flaw in AD CS auto-enrollment where the vendored Samba client uses plaintext HTTP (GETCACert) to fetch the CA certificate, enabling a network attacker in a MITM position to supply an attacker-controlled Root CA. This leads to automatic enro...

Security Bulletin: Vulnerabilities in OpenSSL (CVE-1015-1793)

Question Security Bulletin: Vulnerabilities in OpenSSL CVE-1015-1793 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...

EUVD-2026-37763

undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent...

PT-2026-48872

VeraCrypt 1.26.29 is now available!🎉 - Argon2id KDF for non-system volumes - Security fixes: CVE-2026-54073 & CVE-2026-53762 - Microsoft UEFI CA 2023 support for system encryption - Driver, EFI, Linux/macOS fixes 🔗More details at https://t.co/xdLi5dqTrX...

PT-2026-48875

⚠️ If you use hidden volumes in VeraCrypt: Versions 1.26.6 – 1.26.28 had a regression that could weaken plausible deniability of hidden volumes inside file containers CVE-2026-54073. Fixed in 1.26.29. If this applies to you, recreate the container + hidden volume with the new version and securely...

CVE-2026-52754

Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify...

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

EUVD-2026-36057

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...

CVE-2026-6899

Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connection between an OPC UA client and server using a revoked certificate...

Linux Distros Unpatched Vulnerability : CVE-2026-42769

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response...

EUVD-2026-35380

Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connection between an OPC UA client and server using a revoked certificate...

OpenSSL 加密问题漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

CVE-2026-42875

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace w...

CVE-2026-40944

Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates e.g., intermediate + root CA, only the first certificate is loaded...

CVE-2026-5787

An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates...

OESA-2026-2575 samba security update

Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: A flaw was found in Samba's certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and...

Omni: Reader-level users can retrieve imported cluster CA keys via ResourceService

Summary Omni supports importing standalone Talos clusters. During this process, an ImportedClusterSecrets resource is created, which contains the full CA secrets bundle for the cluster being imported. If these secrets are not rotated by the importing actor, an authenticated Omni user with Reader...

PT-2026-46989

Summary Omni supports importing standalone Talos clusters. During this process, an ImportedClusterSecrets resource is created, which contains the full CA secrets bundle for the cluster being imported. If these secrets are not rotated by the importing actor, an authenticated Omni user with Reader...