22 matches found

Github Security Blog
added 2026/04/14 11:15 p.m., 2 views

Oxia's TLS CA certificate chain validation fails with multi-certificate PEM bundles

Summary: The trustedCertPool function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates (e.g., intermediate + root CA), only the first certificate is loaded. This silently breaks certificate chain validation for mTLS...

CVSS 6.9, AI score 5.8, EPSS 0.00033
Exploits 0, References 3, Affected Software 1
Tenable Nessus
added 2026/02/26 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-27586

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS clie...

CVSS 9.3, AI score 5.8, EPSS 0.00127
Exploits 1, References 3
Github Security Blog
added 2026/02/24 8:22 p.m., 3 views

Caddy: mTLS client authentication silently fails open when CA certificate file is missing or malformed

Summary: Two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts without error but accepts any client certificate signed by any system-trusted CA,...

CVSS 9.3, AI score 5.5, EPSS 0.00127
Exploits 1, References 7, Affected Software 1
OSV
added 2026/02/24 5:29 p.m., 1 view

UBUNTU-CVE-2026-27586

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...

CVSS 9.3, AI score 5.8, EPSS 0.00127
Exploits 1, References 5
AlpineLinux
added 2026/02/24 4:08 p.m., 3 views

CVE-2026-27586

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...

CVSS 9.3, AI score 5.5, EPSS 0.00127
Exploits 1
CVE
added 2026/02/24 4:08 p.m., 13 views

CVE-2026-27586

Summary (CVE-2026-27586): Caddy prior to 2.11.1 has two swallowed errors in ClientAuthentication.provision() that cause mTLS client authentication to silently fail open when the CA certificate file is missing, unreadable, or malformed. The server starts and accepts client certs signed by any syst...

CVSS 9.3, AI score 5.5, EPSS 0.00127
Exploits 1, References 3, Affected Software 1
OSV
added 2026/02/24 4:08 p.m., 2 views

CVE-2026-27586 Caddy's mTLS client authentication silently fails open when CA certificate file is missing or malformed

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...

CVSS 9.3, AI score 5.6, EPSS 0.00127
Exploits 1, References 5
Cvelist
added 2026/02/24 4:08 p.m., 15 views

CVE-2026-27586 Caddy's mTLS client authentication silently fails open when CA certificate file is missing or malformed

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...

CVSS 9.3, EPSS 0.00127
Exploits 1, References 3
Tenable Nessus
added 2025/08/21 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-1351

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to...

CVSS 9.8, AI score 6.9, EPSS 0.00249
Exploits 0, References 2
GithubExploit
added 2025/07/31 9:47 p.m., 464 views

Exploit for CVE-2025-54589

CVE-2025-54589 – Copyparty Reflected XSS Author: Byte Rea...

CVSS 6.3, AI score 8.2, EPSS 0.0078
Exploits 3
CNNVD
added 2024/03/07 12:00 a.m., 1 view

MongoDB Server Security Vulnerability

MongoDB Server is an open source NoSQL database from the US company MongoDB. The database provides collection-oriented storage, dynamic querying, data replication, automatic failover and other functions. MongoDB Server suffers from a trust management vulnerability that stems...

CVSS 9.8, AI score 6.6, EPSS 0.00249
Exploits 0, References 8
SUSE CVE
added 2023/02/15 5:55 a.m., 1 view

SUSE CVE-2010-4334

The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions...

CVSS 4, AI score 7, EPSS 0.00564
Exploits 0, References 3
SUSE CVE
added 2023/02/15 5:47 a.m., 2 views

SUSE CVE-2012-2132

libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with an SSL connection...

CVSS 5, AI score 7.2, EPSS 0.00257
Exploits 0, References 4
SUSE CVE
added 2023/02/15 5:29 a.m., 2 views

SUSE CVE-2014-3230

The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable...

CVSS 5.9, AI score 7, EPSS 0.0065
Exploits 1, References 3
Prion
added 2022/12/08 10:15 p.m., 21 views

Design/Logic Flaw

Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS...

CVSS 4, AI score 6.5, EPSS 0.00395
Exploits 0, References 4, Affected Software 1
Github Security Blog
added 2022/12/08 4:11 p.m., 42 views

Traefik routes exposed with an empty TLSOption

Impact: There is a potential vulnerability in Traefik managing the TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client...

CVSS 8.1, AI score 6.2, EPSS 0.00395
Exploits 0, References 6, Affected Software 1
CNVD
added 2020/03/13 12:00 a.m., 2 views

SQL Injection Vulnerability in Jinwei Mobile Mall System ca***.php File

Jinwei Mobile Mall System is a public-account mall for micro-business customers, with a page layout imitating Mobile Taobao and support for embedded video playback. It supports customized model specifications, attached pictures for the main specifications, and inventory control for each subdivided model, subdivided...

AI score 7.6
Exploits 0
CNVD
added 2019/12/19 12:00 a.m., 1 view

Payment Logic Vulnerability in Cloud Industry CMS ca***.php File

Yunye CMS is an enterprise website building system developed by Luoyang Yunye Information Technology Co. A payment logic vulnerability exists in the CMS ca.php file. Attackers can use this vulnerability to arbitrarily modify the payment amount...

AI score 6.9
Exploits 0
CNVD
added 2019/11/21 12:00 a.m., 2 views

SQL injection vulnerability in the ca***.php file in the admin backend of Yunye CMS (CNVD-2020-00234)

Yunye CMS is an enterprise website building system developed by Luoyang Yunye Information Technology Co. There is a SQL injection vulnerability in the admin backend ca.php file of Yunye CMS. Attackers can use the vulnerability to obtain sensitive information from the database...

AI score 7.7
Exploits 0
OSV
added 2012/08/20 6:55 p.m., 2 views

DEBIAN-CVE-2012-2132

libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with an SSL connection...

CVSS 5, AI score 7.1, EPSS 0.00257
Exploits 0, References 1