9 matches found
CVE-2026-9697
undici’s ProxyAgent drops the requestTls option when used with a SOCKS5 proxy (socks5:// or socks://), causing the HTTPS connection to rely on Node’s default trust store and ignore user-provided ca, cert, key, rejectUnauthorized, and servername. This allows any cert signed by a publicly trusted C...
PT-2026-34188
Name of the Vulnerable Software and Affected Versions: Oxia versions prior to 0.16.2 Description: The trustedCertPool function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates, such as an intermediate and a root CA,...
CLSA-2026-1774279106 Update of alt-php
Update ca-certificates database to 20260303: - mozilla\certdata.h,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.84. - The following certificates were updated: Certificate "GlobalSign Root CA" Certificate "Entrust.net Premium 2048 Secure Server CA" Certificate "Comodo AAA...
CLSA-2026-1773684237 Update of alt-php
Update ca-certificates database to 20260305: - mozilla\certdata.h,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.84. - The following certificates were added: Certificate "TrustAsia TLS ECC Root CA" Certificate "TrustAsia TLS RSA Root CA" Certificate "SwissSign RSA TLS Roo...
Improper Certificate Validation
Overview: Affected versions of this package are vulnerable to Improper Certificate Validation in the CLI login command when the -skip-verify flag is used without the --cacert flag. An attacker can intercept sensitive information or perform man-in-the-middle attacks by exploiting the lack of proper...
curl: Silent TLS Trust Model Hijacking via `CURL_CA_BUNDLE` Environment Variable Leads to MITM
Summary: curl is vulnerable to silent Man-in-the-Middle (MITM) attacks due to its design, which implicitly trusts the CA certificate path specified in the `CURL_CA_BUNDLE` environment variable. This mechanism allows the entire TLS trust model (chain of trust) of curl to be hijacked without any warning or...
PT-2024-41021 · Unknown · Ca-Certificates
Name of the Vulnerable Software and Affected Versions: ca-certificates affected versions not specified Description: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.64 version of the Mozilla certificate...
USN-5473-1 ca-certificates update
The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.50 version of the Mozilla certificate authority bundle...
USN-2903-1 nss vulnerability
Hanno Böck discovered that NSS incorrectly handled certain division functions, possibly leading to cryptographic weaknesses. (CVE-2016-1938) This update also refreshes the NSS package to version 3.21 which includes the latest CA certificate bundle, and removes the SPI CA...