Lucene search
K

4 matches found

OSV
OSV
added 2026/04/14 1:1 a.m.5 views

GHSA-XM5M-WGH2-RRG3 Sigstore Timestamp Authority has Improper Certificate Validation in verifier

Authorization bypass via certificate bag manipulation in sigstore/timestamp-authority verifier An authorization bypass vulnerability exists in sigstore/timestamp-authority verifier timestamp-authority/v2/pkg/verification: VerifyTimestampResponse function correctly verifies the certificate chain b...

5.5CVSS5.7AI score0.00099EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/14 1:1 a.m.5 views

Sigstore Timestamp Authority has Improper Certificate Validation in verifier

Authorization bypass via certificate bag manipulation in sigstore/timestamp-authority verifier An authorization bypass vulnerability exists in sigstore/timestamp-authority verifier timestamp-authority/v2/pkg/verification: VerifyTimestampResponse function correctly verifies the certificate chain b...

7.5CVSS5.7AI score0.00188EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/06/26 12:0 a.m.5 views

3x-ui 安全漏洞

3x-ui is a software by Sanaei Personal Developers. A security vulnerability exists in versions prior to 3x-ui v.2.5.3, which stems from a failure to check the certificate option in the administration script x-ui, which could lead to the execution of arbitrary code...

9.8CVSS6.7AI score0.00393EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/06/01 12:0 a.m.5 views

CVE-2022-27781

libcurl provides the CURLOPTCERTINFO option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation...

7.3AI score0.02434EPSS
Exploits1References5
Rows per page
Query Builder