1766 matches found
crypto/x509: Incorrect enforcement of email constraints in crypto/x509
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly...
Important: Red Hat Security Advisory: Red Hat OpenStack Services on OpenShift 18.0 (golang-github-openstack-k8s-operators-os-diff) security update
An update for golang-github-openstack-k8s-operators-os-diff is now available for Red Hat OpenStack Services on OpenShift 18.0 Antelope. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...
netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement
A flaw was found in Netty. Netty's DNS Domain Name System codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the...
golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions
A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the...
tomcat: security constraint bypass with HTTP/0.9
A flaw was found in Tomcat. An improper input validation vulnerability allows an attacker to bypass security constraints. Specifically, if a security constraint is configured to permit HEAD requests to a URI but deny GET requests, a malformed or specification invalid HEAD request using the HTTP/0...
crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application
A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...
crypto/x509: Incorrect enforcement of email constraints in crypto/x509
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly...
CVE-2026-55956
A flaw was found in Apache Tomcat where access control rules for the default servlet are improperly handled. An attacker can exploit this issue to bypass specific HTTP method restrictions, potentially gaining unauthorized access to protected application resources. Mitigation Review your...
CVE-2026-11340 Authorization Bypass in HAVELSAN's Open Source Project Liman MYS
Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liman MYS: before release.Master.1107...
BIT-TOMCAT-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method
Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0...
CVE-2026-22547
Gitea versions before 1.25.5 lack validation constraints for repository creation fields, including length-limited template fields and trust model or object format values...
CVE-2026-58653
CVE-2026-58653 affects PraisonAI prior to 0.1.7, where issue creation/update does not validate that project_id matches the URL workspace. This allows an attacker to reference projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace co...
NPM: sigstore's `certificateOIDs` verification constraints are silently dropped and never enforced
NPM: sigstore's certificateOIDs verification constraints are silently dropped and never enforced vulnerability discovered by ? in WordPress Npm sigstore versions = 4.1.0...
Improper Verification of Cryptographic Signature
Overview @sigstore/verify is a Verification of Sigstore signatures Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the certificateOIDs option being accepted by the public API but discarded before verification, resulting in required...
crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application
A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...
CVE-2026-56152
Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...
SUSE CVE-2026-55276
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...
SUSE CVE-2026-55956
Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...
PT-2026-55204
Name of the Vulnerable Software and Affected Versions sigstore-js versions prior to 4.1.1 Description The certificateOIDs option in the sigstore.verify function is accepted by the public API but discarded before the verification process occurs. Consequently, required certificate extension Object...
CVE-2026-55276
A flaw was found in Apache Tomcat. Due to an always-incorrect control flow implementation, special roles and empty authorization constraints were not accurately included when the effective web.xml configuration was logged. This could lead to a security oversight where administrators might...