
RedHat Linux (added last week, 5 views)

gnutls: Certificate validation bypass due to oversized Subject Alternative Name

A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to...

CVSS 8.2 | AI score 5.3 | EPSS 0.004
Exploits 0 | References 4
RedHat Linux (added last week, 3 views)

gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to...

CVSS 7.1 | AI score 5.3 | EPSS 0.00328
Exploits 0 | References 4
RedhatCVE (added 2026/06/11 2:59 p.m., 15 views)

CVE-2026-47838

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7....

CVSS 8.1 | AI score 5.4 | EPSS 0.00116
Exploits 0 | References 1
EUVD (added 2026/06/10 12:31 a.m., 9 views)

EUVD-2026-35911

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7....

CVSS 6.8 | AI score 5.5 | EPSS 0.00116
Exploits 0 | References 2
Cvelist (added 2026/06/09 11:50 p.m., 38 views)

CVE-2026-47838 Unauthorized User Impersonation when Using X.509 Client Certificates

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7....

CVSS 6.8 | EPSS 0.00116
Exploits 0 | References 1
CVE (added 2026/06/09 11:50 p.m., 47 views)

CVE-2026-47838

Spring Security CVE-2026-47838 involves the SubjectDnX509PrincipalExtractor and malformed X.509 CN values, causing the extracted username to be read incorrectly and potentially allowing an attacker to impersonate another user. Affected versions include Spring Security 5.7.0–5.7.24; 5.8.0–5.8.26; ...

CVSS 8.1 | AI score 5.5 | EPSS 0.00116
Exploits 0 | References 1 | Affected Software 1
Vulnrichment (added 2026/06/09 11:50 p.m., 6 views)

CVE-2026-47838 Unauthorized User Impersonation when Using X.509 Client Certificates

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7....

CVSS 6.8 | AI score 5.4 | EPSS 0.00116
Exploits 0 | References 1
Positive Technologies (added 2026/06/09 12:00 a.m., 10 views)

PT-2026-48333

Name of the Vulnerable Software and Affected Versions:
Spring Security versions 5.7.0 through 5.7.24
Spring Security versions 5.8.0 through 5.8.26
Spring Security versions 6.3.0 through 6.3.17
Spring Security versions 6.4.0 through 6.4.17
Spring Security versions 6.5.0 through 6.5.10
Description: T...

CVSS 8.1 | AI score 5.8 | EPSS 0.00116
Exploits 0 | References 4
Snyk (added 2026/06/09 12:00 a.m., 3 views)

User Impersonation

Overview: org.springframework.security:spring-security-config is a security configuration package for Spring Framework. Affected versions of this package are vulnerable to User Impersonation via username extraction in SubjectDnX509PrincipalExtractor. An attacker can impersonate another user by...

CVSS 8.1 | AI score 5.4 | EPSS 0.00116
Exploits 0 | References 2
Tenable Nessus (added 2026/06/08 12:00 a.m., 10 views)

TencentOS Server 4: gnutls (TSSA-2026:0431)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0431 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 8.2 | AI score 5.6 | EPSS 0.004
Exploits 0 | References 3
RedhatCVE (added 2026/06/06 6:43 p.m., 8 views)

CVE-2026-42790

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...

CVSS 8.1 | AI score 5.5 | EPSS 0.00235
Exploits 0 | References 1
Microsoft CVE (added 2026/05/31 8:01 a.m., 7 views)

nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification

...

CVSS 8.1 | AI score 5.4 | EPSS 0.00235
Exploits 0
SUSE Linux (added 2026/05/29 3:27 p.m., 10 views)

Security update for gnutls

This update for gnutls fixes the following issues: CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive (bsc#1263707). CVE-2026-5260: lib/pkcs11_privkey: guard against overreading on short ciphertexts (bsc#1263715). CVE-2026-5419: gnutls_cipher_decrypt3: make PKCS7 unpadding branch...

CVSS 8.8 | AI score 5.8 | EPSS 0.00992
Exploits 1 | References 48
UbuntuCve (added 2026/05/29 12:00 a.m., 7 views)

CVE-2026-42790

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...

CVSS 7.6 | AI score 5.8 | EPSS 0.00235
Exploits 0 | References 11
SUSE CVE (added 2026/05/28 3:58 a.m., 11 views)

SUSE CVE-2026-42790

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...

CVSS 7.6 | AI score 5.8 | EPSS 0.00235
Exploits 0 | References 3
OSV (added 2026/05/27 5:16 p.m., 4 views)

DEBIAN-CVE-2026-42790

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...

CVSS 8.1 | AI score 5.8 | EPSS 0.00235
Exploits 0 | References 1
NVD (added 2026/05/27 5:16 p.m., 14 views)

CVE-2026-42790

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...

CVSS 8.1 | EPSS 0.00235
Exploits 0 | References 7
OSV (added 2026/05/27 5:16 p.m., 6 views)

UBUNTU-CVE-2026-42790

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...

CVSS 8.1 | AI score 5.8 | EPSS 0.00235
Exploits 0 | References 12
ATTACKERKB (added 2026/05/27 3:09 p.m., 7 views)

CVE-2026-42790

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...

CVSS 7.6 | AI score 5.8 | EPSS 0.00235
Exploits 0 | References 8 | Affected Software 1
EUVD (added 2026/05/27 3:09 p.m., 9 views)

EUVD-2026-32558

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...

CVSS 7.6 | AI score 5.8 | EPSS 0.00235
Exploits 0 | References 7