Lucene search
K

123 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2 days ago5 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-34073, CVE-2026-39892

Summary IBM Maximo Application Suite - Visual Inspection component uses cryptography-46.0.5-cp311-abi3-manylinux234x8664.whl which is vulnerable to CVE-2026-34073, CVE-2026-39892, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details...

9.8CVSS6.2AI score0.00652EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 5 days ago6 views

RockyLinux 9 : runc (RLSA-2026:29702)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:29702 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient...

7.5CVSS5.9AI score0.00728EPSS
Exploits0References7
NVD
NVD
added 6 days ago5 views

CVE-2026-46734

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...

7.8CVSS0.00064EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.4 views

RHEL 10 : buildah (RHSA-2026:29195)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:29195 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

7.5CVSS6AI score0.00728EPSS
Exploits0References10
Snyk
Snyk
added 2026/06/09 6:33 p.m.9 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in OSSLCMPget1rootCaKeyUpdate. An attacker with credentials that satisfy the CMP message protection checks, such as a Registration Authority, can replace the root CA certificate held by affected CMP clien...

6CVSS5.5AI score0.00262EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/01 12:0 a.m.18 views

RHEL 10 : go-fdo-client and go-fdo-server (RHSA-2026:22141)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22141 advisory. This package provides a server-side implementation of the FIDO Device Onboard FDO specification, written in Go. FDO is an open standard fo...

10CVSS7.3AI score0.00765EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.16 views

Erlang/OTP 19.3 < 26.2.5.21 / 27.0 < 27.3.4.12 / 28.0 < 28.5.0.1 / 29.0 < 29.0.1 DNS nameConstraints Bypass (CVE-2026-42790)

The version of Erlang/OTP installed on the remote host is 19.3 prior to 26.2.5.21, 27.0 prior to 27.3.4.12, 28.0 prior to 28.5.0.1, or 29.0 prior to 29.0.1. It is, therefore, affected by a vulnerability: - Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeycert and...

8.1CVSS5.8AI score0.00338EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 9:46 p.m.12 views

Important: Red Hat Security Advisory: opentelemetry-collector security update

An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.1CVSS6.9AI score0.01557EPSS
Exploits1References9
Amazon
Amazon
added 2026/04/14 12:0 a.m.14 views

Important: amazon-efs-utils

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

9.1CVSS5.8AI score0.01079EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.5 views

PT-2026-31749

An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to confidential information and potentially modify it. When an SRX device is provisioned to connect t...

8.3CVSS5.9AI score0.00121EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.32 views

Amazon Linux 2023 : mount-s3 (ALAS2023-2026-1510)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1510 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via...

8.7CVSS5.9AI score0.01079EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/03/23 3:30 p.m.4 views

HybridAuth Has Improper SSL Certificate Validation in Curl HTTP Client

A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. The attack can be launched remotely. This...

6.3CVSS5.5AI score0.00181EPSS
Exploits0References6Affected Software1
Rosalinux
Rosalinux
added 2026/03/22 9:2 p.m.9 views

Advisory ROSA-SA-2026-3234

software: curl 8.7.1 OS: ROSA-CHROME unaffected versions = curl-8.7.1-6 affected versions curl-8.7.1-6 CVE-ID: CVE-2025-14017 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: In multi-threaded LDAPS transfers in libcurl, changing TLS options in one thread changed them globally and could affect other...

6.3CVSS6AI score0.00106EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/11 8:21 p.m.3 views

CVE-2026-2368

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code...

7.5CVSS6AI score0.00129EPSS
Exploits0References1
NVD
NVD
added 2026/02/23 4:29 p.m.8 views

CVE-2025-70044

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in fofolee uTools-quickcommand 5.0.3...

6.5CVSS0.00133EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/02/19 10:27 p.m.7 views

CVE-2026-24122

Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be considered valid during verification even if the provided timestamp would mean the issuing certificate...

3.7CVSS5.3AI score0.00197EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/02/06 7:34 p.m.4 views

CVE-2025-15557

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication,...

8.8CVSS5.4AI score0.00183EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/23 12:0 a.m.32 views

CVE-2025-67229

An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1 This vulnerability allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficient certificate validation...

0.00255EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 7 : java-11-openjdk-11.0.19.0.7-1.el7 (AXSA:2023-5304:06)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5304:06 advisory. OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...

7.4CVSS7.9AI score0.02474EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/01/09 11:55 a.m.5 views

CVE-2018-4436

A certificate validation issue existed in configuration profiles. This was addressed with additional checks. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2...

7.5CVSS6.5AI score0.00908EPSS
Exploits0References1
Rows per page
Query Builder