60 matches found
CVE-2026-45063
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, X509Authenticator extracts the user identifier from $SERVER'SSLCLIENTSDN' with an unanchored regex that matches emailAddress= anywhere in the distinguishe...
CVE-2026-45063
Symfony X509Authenticator vulnerability (CVE-2026-45063) allows identity spoofing because an unanchored regex extracts emailAddress from the certificate Subject DN, enabling a trusted certificate with emailAddress embedded in another RDN (e.g., CN) to authenticate as another user. Impact is high ...
CVE-2026-45389
Summary (OCaml-TLS CVE-2026-45389): OCaml-TLS versions before 2.1.0 fail to properly validate KeyUsage and ExtendedKeyUsage on client certificates during mutual TLS, allowing impersonation with certificates intended for server authentication. The issue arises in the server-side certificate valida...
CVE-2026-52754 Ghidra < 12.1 - Authentication Bypass via Null Signature in PKIAuthenticationModule
Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify...
National Security Agency Ghidra 数据伪造问题漏洞
National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Prior to version 12.1 of National Security Agency Ghidra, there was a data manipulation vulnerability. This vulnerability stemmed from the PKIAuthenticationModule.authenticat...
PT-2026-48414
Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify...
CVE-2026-34181
Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...
CVE-2026-44393
An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When sslcafile is configured, the driver enables certificate chain validation but does not pass the expect...
PT-2026-42202
Name of the Vulnerable Software and Affected Versions OCaml-TLS versions prior to 2.1.0 Description The client implementation in OCaml-TLS fails to properly validate the KeyUsage and ExtendedKeyUsage EKU extensions of server certificates during TLS 1.3 handshakes. Specifically, the answer...
Vulnerabilities managed in Ivanti Endpoint Manager Mobile
Ivanti has identified five vulnerabilities in Endpoint Manager Mobile EPMM, also known as MobileIron. One of these vulnerabilities, labeled CVE-2026-6973, allows an authenticated malicious actor with administrative access to remotely execute arbitrary code with administrator privileges. Ivanti...
CVE-2026-40243
Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standard TLS server verification and replace it with...
Improper Handling of Case Sensitivity
Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the enforcement of X.509 nameConstraints due to case-sensitive comparisons for dNSName and the domain portion of rfc822Name. An attacker can gain unauthorized certificate validation and potential...
Certificate Impersonation
spring-security-web is vulnerable to certificate impersonation. The vulnerability is due to improper parsing of malformed X.509 certificate CN values in SubjectX500PrincipalExtractor, which can result in extracting an incorrect username and allow attackers to impersonate another user...
CLEANSTART-2026-CF62516 Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper s...
Multiple security vulnerabilities affect the kserve-modelmesh package. Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid...
CVE-2026-34610
The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lcx509extractnamesegment casts sizet vlen to uint8t when storing the Common Name CN length. An attacker who crafts a certificate with CN = victim's CN +...
CVE-2026-34610 leancrypto: Integer truncation in X.509 name parser enables certificate identity impersonation
The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lcx509extractnamesegment casts sizet vlen to uint8t when storing the Common Name CN length. An attacker who crafts a certificate with CN = victim's CN +...
CVE-2026-34610
The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lcx509extractnamesegment casts sizet vlen to uint8t when storing the Common Name CN length. An attacker who crafts a certificate with CN = victim's CN +...
CVE-2026-34610 leancrypto: Integer truncation in X.509 name parser enables certificate identity impersonation
The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lcx509extractnamesegment casts sizet vlen to uint8t when storing the Common Name CN length. An attacker who crafts a certificate with CN = victim's CN +...
CVE-2026-34610
The CVE affects leancrypto's PQC-focused crypto library. Before 1.7.1, lc_x509_extract_name_segment() truncates size_t vlen to uint8_t for CN length, allowing an attacker to craft a certificate whose CN impersonates the victim’s CN during PKCS#7 verification, certificate chain matching, and code ...
EUVD-2026-18466
The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lcx509extractnamesegment casts sizet vlen to uint8t when storing the Common Name CN length. An attacker who crafts a certificate with CN = victim's CN +...