Lucene search
+L

43 matches found

OSV
OSV
added 5 days ago4 views

JLSEC-2026-697 X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier ...

X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXTRA and whose application validates certificates by calling X509verifycert with caller-supplied untrusted intermediate certificates; for...

8.7CVSS6.1AI score0.00145EPSS
Exploits0References5
OSV
OSV
added 5 days ago7 views

JLSEC-2026-699 X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate...

X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra whose application calls X509verifycert with caller-supplied untrusted intermediates; for those users it is critical, otherwis...

8.2CVSS6.1AI score0.00145EPSS
Exploits0References5
OSV
OSV
added 2026/07/10 4:6 p.m.5 views

CVE-2026-54919 cpp-httplib: TLS certificate chain verification bypassed for IP-literal hosts on Mbed TLS and wolfSSL backends

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built with CPPHTTPLIBMBEDTLSSUPPORT or CPPHTTPLIBWOLFSSLSUPPORT and a...

7.4CVSS5.9AI score0.00264EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-11999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with...

8.2CVSS6AI score0.00145EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 8:17 p.m.9 views

CVE-2026-11310

X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXTRA and whose application validates certificates by calling X509verifycert with caller-supplied untrusted intermediate certificates; for...

8.7CVSS0.00145EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 8:17 p.m.5 views

UBUNTU-CVE-2026-11310

X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXTRA and whose application validates certificates by calling X509verifycert with caller-supplied untrusted intermediate certificates; for...

8.7CVSS5.8AI score0.00145EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 7:38 p.m.36 views

CVE-2026-11310

The CVE-2026-11310 entry concerns wolfSSL’s X509_verify_cert() when built with --enable-opensslextra (OPENSSL_EXTRA) and used by applications that pass untrusted intermediates to X509_verify_cert(). The root cause is that wolfSSL temporarily loads untrusted intermediates into the certificate mana...

8.7CVSS5.9AI score0.00145EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 7:38 p.m.34 views

CVE-2026-11310 X.509 trust-chain bypass in wolfSSL_X509_verify_cert() via untrusted intermediate anchoring

X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXTRA and whose application validates certificates by calling X509verifycert with caller-supplied untrusted intermediate certificates; for...

8.7CVSS0.00145EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/25 7:38 p.m.11 views

CVE-2026-11310

X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXTRA and whose application validates certificates by calling X509verifycert with caller-supplied untrusted intermediate certificates; for...

8.7CVSS5.8AI score0.00145EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 6:16 p.m.7 views

UBUNTU-CVE-2026-11999

X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra whose application calls X509verifycert with caller-supplied untrusted intermediates; for those users it is critical, otherwis...

8.2CVSS5.8AI score0.00145EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 4:56 p.m.40 views

CVE-2026-11999 X.509 trust-chain bypass via path-depth exhaustion in wolfSSL_X509_verify_cert()

X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra whose application calls X509verifycert with caller-supplied untrusted intermediates; for those users it is critical, otherwis...

8.2CVSS0.00145EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:56 p.m.9 views

EUVD-2026-39496

X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra whose application calls X509verifycert with caller-supplied untrusted intermediates; for those users it is critical, otherwis...

8.2CVSS5.9AI score0.00145EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/25 4:56 p.m.9 views

CVE-2026-11999

X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra whose application calls X509verifycert with caller-supplied untrusted intermediates; for those users it is critical, otherwis...

8.2CVSS5.8AI score0.00145EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.26 views

PT-2026-52511

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A trust-chain bypass exists in the OpenSSL compatibility certificate verifier function wolfSSL X509 verify cert. This issue occurs in builds configured with --enable-opensslextra when an...

8.2CVSS5.8AI score0.00145EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/13 11:33 a.m.6 views

CVE-2026-33810

A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...

8.8CVSS5.8AI score0.0034EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/03/19 10:7 p.m.25 views

CVE-2026-32037 OpenClaw < 2026.2.22 - Redirect Chain Bypass of Media Host Allowlist in MSTeams Attachment Handling

OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chains against configured mediaAllowHosts allowlists during MSTeams media downloads. Attackers can supply or influence attachment URLs to force redirects to non-allowlisted targets, bypassing SSRF boundary controls...

6CVSS0.00172EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/02 9:15 p.m.18 views

CVE-2026-3336 PKCS7_verify Certificate Chain Validation Bypass in AWS-LC

Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...

8.7CVSS0.00771EPSS
Exploits0References3
CVE
CVE
added 2026/03/02 9:15 p.m.30 views

CVE-2026-3336

This CVE affects AWS-LC: improper certificate validation in PKCS7_verify() can bypass certificate chain verification for PKCS7 objects with multiple signers (excluding the final signer). Impact is high (integrity risk) with network attack potential. AWS customers are not required to act, but appl...

8.7CVSS5.9AI score0.00771EPSS
Exploits0References7Affected Software2
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.7 views

PT-2026-22702

Name of the Vulnerable Software and Affected Versions AWS-LC versions prior to 1.69.0 Description A flaw exists in the PKCS7 verify function within AWS-LC that allows an unauthenticated user to circumvent certificate chain verification when handling PKCS7 objects containing multiple signers,...

8.7CVSS5.9AI score0.00771EPSS
Exploits0References20
Github Security Blog
Github Security Blog
added 2026/02/18 12:57 a.m.12 views

Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction

Summary tar.extract in Node tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outside the extraction root, using default options. This enables arbitrary file read and write as the extracting user no root, no chmod, no preservePath...

7.1CVSS5.5AI score0.00288EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder