CVE-2026-4364

The CVE-2026-4364 entry affects IBM Verify Identity Access Container (11.0–11.0.2), IBM Security Verify Access Container (10.0–10.0.9.1), IBM Verify Identity Access (11.0–11.0.2), and IBM Security Verify Access (10.0–10.0.9.1). The root cause is that the server returns a JSON payload with the Con...

GO-2026-4595 Non-recursive certificate listing bypasses per-object authorization and leaks all fingerprints in github.com/canonical/lxd

Non-recursive certificate listing bypasses per-object authorization and leaks all fingerprints in github.com/canonical/lxd...

GHSA-CRMG-9M86-636R lxd's non-recursive certificate listing bypasses per-object authorization and leaks all fingerprints

Summary The GET /1.0/certificates endpoint non-recursive mode returns URLs containing fingerprints for all certificates in the trust store, bypassing the per-object canview authorization check that is correctly applied in the recursive path. Any authenticated identity — including restricted,...