Lucene search
+L

4 matches found

osv
osv
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-575 wolfSSL Python module vulnerable to Improper Authentication

A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...

9.3CVSS5.7AI score0.00272EPSS
Exploits0References7
osv
osv
added 2026/02/06 10:34 p.m.3 views

GHSA-4JQP-9QJV-57M2 Keylime Missing Authentication for Critical Function and Improper Authentication

Impact The Keylime registrar does not enforce mutual TLS mTLS client certificate authentication since version 7.12.0. The registrar's TLS context is configured with ssl.CERTOPTIONAL instead of ssl.CERTREQUIRED, allowing any client to connect to protected API endpoints without presenting a valid...

9.4CVSS5.6AI score0.05431EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/01/07 12:0 a.m.10 views

PT-2026-1769

Name of the Vulnerable Software and Affected Versions wolfssl-py versions up to and including 5.8.2 Description A flaw exists in the handling of verify mode = CERT REQUIRED within the wolfssl Python package wolfssl-py. The absence of the WOLFSSL VERIFY FAIL IF NO PEER CERT flag causes the softwar...

9.3CVSS6.5AI score0.00272EPSS
Exploits0References16
githubexploit
githubexploit
added 2024/11/26 12:39 p.m.243 views

Exploit for SQL Injection in Microsoft

Microsoft Configuration Manager ConfigMgr / SCCM 2403 Unauth...

9.8CVSS10AI score0.6111EPSS
Exploits3
Rows per page
Query Builder