CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NCSC•added 2026/05/30 10:52 a.m.•15 views

Vulnerability handling in Palo Alto Networks PAN-OS and Prisma Access

Palo Alto Networks has identified a vulnerability in the PAN-OS’ GlobalProtect portal and gateway components. An unauthorized malicious actor can exploit this vulnerability to establish a VPN connection. As a result, the malicious actor gains access to internal systems that are accessible via the...

9.1CVSS6.1AI score0.86678EPSS

Exploits9References2

NVD•added 2026/05/13 4:17 p.m.•14 views

CVE-2026-8367

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS0.0011EPSS

OSV•added 2026/05/13 4:17 p.m.•4 views

DEBIAN-CVE-2026-8367

CVE•added 2026/05/13 2:55 p.m.•15 views

CVE-2026-8367

aria2c is affected by an improper certificate validation issue where it accepts a server certificate with an incorrect Extended Key Usage (EKU). If an attacker obtains a certificate (with its private key) intended for a different purpose, they may reuse it to perform TLS server authentication aga...

Positive Technologies•added 2026/05/13 12:0 a.m.•13 views

PT-2026-40700

CNNVD•added 2026/05/13 12:0 a.m.•8 views

Exploits0References2

aria2c 信任管理问题漏洞

aria2c is a lightweight multi-protocol command-line download tool developed by aria2. Aria2c has a trust management vulnerability that stems from accepting server certificates with incorrect extension key purposes. This vulnerability could allow attackers to reuse certificates issued for differen...

Tenable Nessus•added 2026/05/02 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-1858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private...

4.8CVSS5.8AI score0.00155EPSS

Exploits1References3

NVD•added 2026/04/29 9:16 p.m.•8 views

CVE-2026-1858

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS0.00155EPSS

OSV•added 2026/04/29 9:16 p.m.•7 views

DEBIAN-CVE-2026-1858

4.8CVSS5.3AI score0.00155EPSS

EUVD•added 2026/04/29 8:15 p.m.•7 views

EUVD-2026-26285

4.8CVSS5.2AI score0.00155EPSS

Cvelist•added 2026/04/29 8:15 p.m.•31 views

CVE-2026-1858 wget2 Improper Certificate Validation

4.8CVSS0.00155EPSS

Debian CVE•added 2026/04/29 8:15 p.m.•4 views

CVE-2026-1858

4.8CVSS5.3AI score0.00155EPSS

Exploits1

CNNVD•added 2026/04/29 12:0 a.m.•8 views

wget2 输入验证错误漏洞

wget2 is a network file retrieval tool from the American GNU community that supports high-performance concurrent downloads and modern protocol features. wget2 has a vulnerability related to input validation. This vulnerability arises from accepting server certificates with incorrect key purposes ...

4.8CVSS5.8AI score0.00155EPSS

ATTACKERKB•added 2026/04/17 7:22 p.m.•2 views

CVE-2026-32324

7.7CVSS5.8AI score0.00087EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•6 views

EUVD-2016-8013

Malware in sbrugna...

7.5CVSS7.6AI score0.08404EPSS

Exploits0References19

OSV•added 2023/04/11 10:15 a.m.•4 views

CVE-2023-23588

A vulnerability has been identified in SIMATIC IPC1047 All versions, SIMATIC IPC1047E All versions with maxView Storage Manager 4.09.00.25611 on Windows, SIMATIC IPC647D All versions, SIMATIC IPC647E All versions with maxView Storage Manager 4.09.00.25611 on Windows, SIMATIC IPC847D All versions,...

6.3CVSS6.5AI score0.00092EPSS