
15 matches found

EUVD
added 2026/04/02 9:30 a.m. | 2 views

EUVD-2026-18160

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures...

CVSS 7.7 | AI score 5.9 | EPSS 0.00023
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/02 8:27 a.m. | 1 view

CVE-2026-29140 S/MIME Signature Additional Certificate

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures...

CVSS 7.7 | AI score 5.9 | EPSS 0.00023
Exploits: 0 | References: 1

Cvelist
added 2026/04/02 8:27 a.m. | 28 views

CVE-2026-29140 S/MIME Signature Additional Certificate

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures...

CVSS 7.7 | EPSS 0.00023
Exploits: 0 | References: 1

Hewlett-Packard
added 2025/10/24 12:0 a.m. | 7 views

Insyde UEFI Digital Certificate Injection

A potential security vulnerability has been identified in certain HP PC products using Insyde BIOS InsydeH2O UEFI Firmware, which might allow escalation of privilege, arbitrary code execution, denial of service, and/or information disclosure. Insyde is releasing mitigation for the potential...

CVSS 7.8 | AI score 7.6 | EPSS 0.00072
Exploits: 0 | Affected Software: 116

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2015-5328

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00196
Exploits: 1 | References: 6

Cvelist
added 2025/08/20 4:44 p.m. | 6 views

CVE-2025-6182 Root Certificate Injection

The StrongDM Windows service incorrectly handled communication related to system certificate management. Attackers could exploit this behavior to install untrusted root certificates or remove trusted ones...

CVSS 8.5 | EPSS 0.00019
Exploits: 0 | References: 1

Vulnrichment
added 2025/08/20 4:44 p.m. | 2 views

CVE-2025-6182 Root Certificate Injection

The StrongDM Windows service incorrectly handled communication related to system certificate management. Attackers could exploit this behavior to install untrusted root certificates or remove trusted ones...

CVSS 8.5 | AI score 7.2 | EPSS 0.00019
Exploits: 0 | References: 1

CERT
added 2025/06/10 12:0 a.m. | 7 views

A vulnerability in Insyde H2O UEFI application allows for digital certificate injection via NVRAM variable

Overview: A vulnerability in an Insyde H2O UEFI firmware application allows digital certificate injection through an unprotected NVRAM variable. This issue arises from the unsafe use of an NVRAM variable, which is used as trusted storage for a digital certificate in the trust validation chain. An...

CVSS 7.8 | AI score 9.3 | EPSS 0.00072
Exploits: 0 | References: 9

Positive Technologies
added 2023/11/07 12:0 a.m. | 4 views

PT-2023-7210 · IBM · IBM AIX

Name of the Vulnerable Software and Affected Versions: IBM AIX version 7.3. Description: The issue is related to the Python implementation in IBM AIX, which could allow a non-privileged local user to cause a denial of service due to insufficient input validation. A race condition in the SSLSocket...

CVSS 6.2 | AI score 6.8 | EPSS 0.00018
Exploits: 0 | References: 8

IBM Security Bulletins
added 2023/09/25 10:25 p.m. | 45 views

Security Bulletin: Vulnerability with Python affect IBM Cloud Object Storage Systems (Sept2023v2)

Summary: Vulnerability with Python CVE-2023-40217. This vulnerability has been addressed in the latest ClevOS releases. Vulnerability Details: CVEID: CVE-2023-40217. DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by a race condition in the SSLSocket module...

CVSS 5.3 | AI score 6 | EPSS 0.00581
Exploits: 0 | Affected Software: 1

FreeBSD
added 2023/06/08 12:0 a.m. | 13 views

acme.sh -- closes potential remote vuln

Neil Pang reports: HiCA was injecting arbitrary code/commands into the certificate obtaining process and acme.sh is running them on the client machine...

AI score 7.2
Exploits: 0 | References: 1

RedHat Linux
added 2022/07/19 9:7 p.m. | 1 view

nodejs: Incorrect handling of certificate subject and issuer fields

A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries...

CVSS 5.3 | AI score 7.4 | EPSS 0.00364
Exploits: 1 | References: 5

Prion
added 2021/07/30 8:15 p.m. | 16 views

Code injection

It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificate...

CVSS 4.1 | AI score 6.5 | EPSS 0.00031
Exploits: 1 | References: 1 | Affected Software: 1

The Hacker News
added 2020/08/10 9:25 a.m. | 72 views

Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON 28

Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data—and even run stealthy malware as a sub-process of a trusted...

CVSS 6.5 | AI score 0.4 | EPSS 0.4848
Exploits: 4

CNVD
added 2015/10/03 12:0 a.m. | 1 view

AdNovum nevisAuth SAML Certificate Matching Vulnerability

AdNovum nevisAuth is a user system authentication and access management solution. AdNovum nevisAuth fails to correctly match X.509 certificates and IdP certificates, allowing remote attackers to submit specially crafted certificates to inject arbitrary SAML assertions...

CVSS 5 | AI score 7.2 | EPSS 0.00196
Exploits: 1 | References: 1