Lucene search
K

3652 matches found

Chainguard
Chainguard
โ€ขadded 5 days agoโ€ข6 views

GHSA-FF52-PH69-CF7X vulnerabilities

Vulnerabilities for packages: opentelemetry-collector-k8s-fips, nri-postgresql-fips, aws-flb-firehose-fips, secrets-store-csi-driver, crossplane-provider-aws-fsx, pdfcpu, nsc-fips, atlas, mlrun-log-collector, crossplane-provider-aws-fsx-fips, consul-k8s, addon-resizer-fips, oras,...

6.1AI score
Exploits0
Positive Technologies
Positive Technologies
โ€ขadded 2026/07/07 12:0 a.m.โ€ข12 views

PT-2026-56190

A stored XPATH injection vulnerability exists in opnsense's trust module. Any user if given just System: CA Manager permissions can use a bool side channel/oracle to slowly leak any secret in config.xml character by character. the injection point is in the refid field of a ca object. Write-up for...

6AI score
Exploits1References2
OSV
OSV
โ€ขadded 2026/07/05 5:32 p.m.โ€ข9 views

ROOT-APP-MAVEN-CVE-2026-55470 CVE-2026-55470 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 - Patched by Root

Root has patched CVE-2026-55470 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.8AI score0.00354EPSS
Exploits0
Snyk
Snyk
โ€ขadded 2026/07/03 8:18 a.m.โ€ข6 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in the connection pool process. An attacker can bypass intended certificate validation by reusing a handle that initially used the default native CA trust and then switching it to custom CA...

9.1CVSS6AI score0.0061EPSS
Exploits1References2
Cvelist
Cvelist
โ€ขadded 2026/07/03 6:12 a.m.โ€ข36 views

CVE-2026-11564 Native CA trust persist

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

0.0061EPSS
Exploits1References3
OSV
OSV
โ€ขadded 2026/06/30 6:18 p.m.โ€ข5 views

GHSA-WMGG-3P4H-48X7 Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover

Summary A stronger framing of the same root cause as GHSA-gx55-f84r-v3r7: the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous fields into the generated pods. Details Three independent flaws compounded: 1. Validate gap...

9.9CVSS5.8AI score0.003EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
โ€ขadded 2026/06/26 12:0 a.m.โ€ข6 views

libcurl 8.17.0 < 8.21.0 Native CA Trust Persist

The version of libcurl installed on the remote host is 8.17.0 prior to 8.21.0. It is, therefore, affected by an improper certificate validation vulnerability: - An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches th...

9.1CVSS6AI score0.0061EPSS
Exploits1References2
OSV
OSV
โ€ขadded 2026/06/25 8:17 p.m.โ€ข4 views

DEBIAN-CVE-2026-55964

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...

5.3CVSS5.8AI score0.00118EPSS
Exploits0References1
Debian CVE
Debian CVE
โ€ขadded 2026/06/25 8:8 p.m.โ€ข7 views

CVE-2026-6731

X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted...

7.5CVSS5.8AI score0.00124EPSS
Exploits0
Cvelist
Cvelist
โ€ขadded 2026/06/25 7:30 p.m.โ€ข36 views

CVE-2026-55964 Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA (temporary CA exemption)

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...

6.3CVSS0.00118EPSS
Exploits0References2
Positive Technologies
Positive Technologies
โ€ขadded 2026/06/25 12:0 a.m.โ€ข14 views

PT-2026-52573

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description An issue exists where chain intermediate certificates asserting CA:TRUE but lacking the keyCertSign key usage were accepted as signing CAs. This occurs because chain-supplied temporary CAs...

6.3CVSS5.8AI score0.00118EPSS
Exploits0References5
NVD
NVD
โ€ขadded 2026/06/22 6:16 p.m.โ€ข16 views

CVE-2026-12249

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services AD CS certificate auto-enrollment via the vendored Samba client script internal/policies/certificate/python/vendorsamba/gp/gpcertautoenrollext.py, ADSys utilizes a plaintext...

9.5CVSS0.00111EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
โ€ขadded 2026/06/22 3:43 p.m.โ€ข4 views

CVE-2026-12249

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services AD CS certificate auto-enrollment via the vendored Samba client script internal/policies/certificate/python/vendorsamba/gp/gpcertautoenrollext.py, ADSys utilizes a plaintext...

9.5CVSS6AI score0.00111EPSS
Exploits0References3Affected Software5
CVE
CVE
โ€ขadded 2026/06/22 3:43 p.m.โ€ข24 views

CVE-2026-12249

Canonical ADSys upstream versions up to v0.16.2 expose a flaw in AD CS auto-enrollment where the vendored Samba client uses plaintext HTTP (GETCACert) to fetch the CA certificate, enabling a network attacker in a MITM position to supply an attacker-controlled Root CA. This leads to automatic enro...

9.5CVSS6AI score0.00111EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/06/18 7:42 p.m.โ€ข44 views

Security Bulletin: Vulnerabilities in OpenSSL (CVE-1015-1793)

Question Security Bulletin: Vulnerabilities in OpenSSL CVE-1015-1793 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...

5.4AI score
Exploits0Affected Software1
EUVD
EUVD
โ€ขadded 2026/06/18 2:28 p.m.โ€ข11 views

EUVD-2026-37763

undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent...

7.4CVSS5.8AI score0.00476EPSS
Exploits0References3
Positive Technologies
Positive Technologies
โ€ขadded 2026/06/12 12:0 a.m.โ€ข19 views

PT-2026-48872

VeraCrypt 1.26.29 is now available!๐ŸŽ‰ - Argon2id KDF for non-system volumes - Security fixes: CVE-2026-54073 & CVE-2026-53762 - Microsoft UEFI CA 2023 support for system encryption - Driver, EFI, Linux/macOS fixes ๐Ÿ”—More details at https://t.co/xdLi5dqTrX...

5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
โ€ขadded 2026/06/12 12:0 a.m.โ€ข17 views

PT-2026-48875

โš ๏ธ If you use hidden volumes in VeraCrypt: Versions 1.26.6 โ€“ 1.26.28 had a regression that could weaken plausible deniability of hidden volumes inside file containers CVE-2026-54073. Fixed in 1.26.29. If this applies to you, recreate the container + hidden volume with the new version and securely...

5.3AI score
Exploits0References4
RedhatCVE
RedhatCVE
โ€ขadded 2026/06/11 2:59 p.m.โ€ข12 views

CVE-2026-52754

Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify...

8.8CVSS5.5AI score0.00252EPSS
Exploits0References1
RedHat Linux
RedHat Linux
โ€ขadded 2026/06/11 1:40 p.m.โ€ข11 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.8AI score0.00765EPSS
Exploits1References8
Rows per page
Query Builder