CVE-2026-42791
Summary: CVE-2026-42791 is an improper certificate validation weakness in Erlang OTP’s public_key/pubkey_ocsp module. OCSP response verification (pubkey_ocsp:verify_response/5 and pubkey_ocsp:is_authorized_responder/3) fails to enforce the validity period (notBefore/notAfter) of the OCSP responde...
EEF-CVE-2026-42791 OCSP responder certificate validity period not checked in public_key
Summary: Improper Certificate Validation vulnerability in Erlang OTP's public_key/pubkey_ocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkey_ocsp:verify_response/5 and pubkey_ocsp:is_authorized_responder/3 in...
EUVD-2026-29931
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it fails to detect OCSP problems and instead wrongly considers the response as fine...
SUSE CVE-2026-24122
Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be considered valid during verification even if the provided timestamp would mean the issuing certificate...
DEBIAN-CVE-2026-24122
Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be considered valid during verification even if the provided timestamp would mean the issuing certificate...
EUVD-2009-1415
Malware in sbrugna...
EUVD-2024-3224
Malicious code in bioql PyPI...
Citrix Director Infrastructure Monitoring - Incorrect IIS Certificate Validity status
When an admin checks StoreFront metrics in Citrix Director under Infrastructure Monitoring, an incorrect IIS Certificate Validity status is displayed. All other metrics are displayed correctly. Example: StoreFront Details: StoreFront is configured with a correct certificate and a certificate chain is...
CVE-2025-4384
The CVE-2025-4384 issue affects the PcVue MQTT add-on, where certificate validation fails to confirm that a remote device’s certificate is not expired or not yet valid. Root cause: improper certificate validity checks during TLS handshake. Impact: malicious devices could present certificates that...
CVE-2025-4384 Certificate validity not properly verified
The MQTT add-on of PcVue fails to verify that a remote device’s certificate has not already expired or has not yet become valid. This allows malicious devices to present certificates that are not rejected properly. The use of a client certificate reduces the risk for random devices to take...
CVE-2024-51746 Use of incorrect Rekor entries during verification in gitsign
Gitsign is a keyless Sigstore signing tool for Git commits using your GitHub / OIDC identity. gitsign may select the wrong Rekor entry to use during online verification when multiple entries are returned by the log. gitsign uses Rekor's search API to fetch entries that apply to a signature...
GHSA-8PMP-678W-C8XX gitsign may use incorrect Rekor entries during verification
Summary: gitsign may select the wrong Rekor entry to use during online verification when multiple entries are returned by the log. Details: gitsign uses Rekor's search API to fetch entries that apply to a signature being verified. The parameters used for the search are the public key and the payloa...
PT-2024-34879 · Gitsign +1 · Gitsign +1
Name of the Vulnerable Software and Affected Versions: gitsign affected versions not specified Description: The issue arises when gitsign uses Rekor's search API to fetch entries for signature verification, using parameters such as the public key and the payload. However, the search API returns...
SUSE CVE-2024-8096
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error tha...
PT-2023-11470 · Beyondtrust · Beyondtrust Privilege Management For Windows
Name of the Vulnerable Software and Affected Versions: BeyondTrust Privilege Management for Windows versions through 5.6 Description: An issue was discovered where the publisher criteria can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator...
SUSE CVE-2009-1417
gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the gnutls_x509_verify_certificate function...
SUSE CVE-2020-36478
An issue was discovered in Mbed TLS before 2.25.0 and before 2.16.9 LTS and before 2.7.18 LTS. A NULL algorithm parameters entry looks identical to an array of REAL size zero and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate...
CVE-2020-36658
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix...