Lucene search
K

1208 matches found

CVE
CVE
added yesterday13 views

CVE-2026-11564

CVE-2026-11564 affects libcurl where a handle using default native CA trust may later switch to custom CA material and continue trusting the platform store, due to keeping previously used connections in a pool for reuse. Public docs describe the issue for versions affected by libcurl 8.17.0 prior...

6AI score
Exploits0References3
NVD
NVD
added 2 days ago8 views

CVE-2026-8482

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included , 5.0.0 to 5.0.5 included There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...

4.3CVSS0.00212EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-41271

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included , 5.0.0 to 5.0.5 included There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-41207

Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design e.g. 'issue "letsencrypt.org"' without parameters. On Universal SSL zones,...

7.6CVSS5.7AI score0.00135EPSS
Exploits0References5
CVE
CVE
added 3 days ago12 views

CVE-2026-14440

Summary: CVE-2026-14440 concerns Cloudflare’s Universal SSL: automatic, permissive CAA RRset management on Universal SSL zones supersedes customer CAA records. When customers push stricter CAA via RFC 8657 accounturi or validationmethods, CAs do not observe those parameters during RFC 8659 evalua...

7.6CVSS5.7AI score0.00135EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 3 days ago5 views

CVE-2026-14440 Cloudflare Universal SSL automatically managed CAA RRset supersedes customer-configured CAA records

Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design e.g. 'issue "letsencrypt.org"' without parameters. On Universal SSL zones,...

7.6CVSS5.7AI score0.00135EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 3 days ago4 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.8AI score0.00765EPSS
Exploits1References8
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39580

iPAddress name constraints bypass when WOLFSSLIPALTNAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints...

5.7CVSS5.8AI score0.00155EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 10:22 p.m.3 views

GHSA-5CGQ-3RG8-M6CV golang.org/x/crypto/ssh/knownhosts vulnerable to auth bypass via unenforced @revoked status

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked...

9.1CVSS5.8AI score0.00469EPSS
Exploits0References13
EUVD
EUVD
added 2026/06/25 10:22 p.m.10 views

EUVD-2026-31399

golang.org/x/crypto/ssh/knownhosts vulnerable to auth bypass via unenforced @revoked status...

9.1CVSS5.8AI score0.00469EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/25 10:22 p.m.8 views

golang.org/x/crypto/ssh/knownhosts vulnerable to auth bypass via unenforced @revoked status

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked...

9.1CVSS5.8AI score0.00469EPSS
Exploits0References13Affected Software1
NVD
NVD
added 2026/06/25 10:17 p.m.7 views

CVE-2026-7532

iPAddress name constraints bypass when WOLFSSLIPALTNAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints...

7.5CVSS0.00155EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 10:15 p.m.2 views

GHSA-78MQ-XCR3-XM33 golang.org/x/crypto/ssh is vulnerable to invoking server panic during CheckHostKey/Authenticate flow

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

5.3CVSS5.8AI score0.00369EPSS
Exploits0References11
CVE
CVE
added 2026/06/25 9:31 p.m.13 views

CVE-2026-7532

CVE-2026-7532 describes an IP address name constraints bypass in WolfSSL when WOLFSSL_IP_ALT_NAME is not defined. In this configuration, IP address name constraints are not enforced, allowing a certificate to bypass an issuing CA’s IP address constraints. This affects WolfSSL deployments that rel...

7.5CVSS5.8AI score0.00155EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/25 9:31 p.m.20 views

CVE-2026-7532 iPAddress name constraints not enforced when WOLFSSL_IP_ALT_NAME is undefined

iPAddress name constraints bypass when WOLFSSLIPALTNAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints...

5.7CVSS0.00155EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 8:17 p.m.9 views

CVE-2026-55964

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...

6.3CVSS0.00118EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 7:40 p.m.5 views

EUVD-2026-39549

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS5.8AI score0.00124EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 7:40 p.m.5 views

CVE-2026-10592

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS5.8AI score0.00124EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/25 7:40 p.m.26 views

CVE-2026-10592 Wildcard DNS SAN bypasses CA name-constraint checks

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS0.00124EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/25 11:0 a.m.4 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.7AI score0.00765EPSS
Exploits1References8
Rows per page
Query Builder