
CNNVD
Added 6 days ago, 5 views

Casdoor security vulnerability

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained a security vulnerability. This vulnerability stemmed from the buildSpCertificateStore function, which directly extracted X.509...

CVSS 9.1, AI score 5.8, EPSS 0.00015
Exploits: 0, References: 2
Tenable Nessus
Added 6 days ago, 5 views

FreeBSD : Erlang/OTP -- public_key accepts non-CA certificate as intermediate issuer (9357a450-5a54-11f1-b886-4c526214c986)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9357a450-5a54-11f1-b886-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-c99q-jmpx-v8qq reports: Erlang/OTP's public_key...

CVSS 7, AI score 5.9, EPSS 0.00037
Exploits: 0, References: 3
FreeBSD
Added 2026/05/27 12:00 a.m., 6 views

Erlang/OTP -- public_key accepts non-CA certificate as intermediate issuer

https://github.com/erlang/otp/security/advisories/GHSA-c99q-jmpx-v8qq reports: Erlang/OTP's public_key application contains a path-validation flaw where non-CA certificates lacking keyUsage extensions can be accepted as intermediate issuers. An attacker with an end-entity certificate issued by a...

CVSS 7, AI score 5.9, EPSS 0.00037
Exploits: 0, References: 1
Positive Technologies
Added 2026/05/27 12:00 a.m., 5 views

PT-2026-43712

Improper Following of a Certificate's Chain of Trust vulnerability in the Erlang/OTP public_key pubkey_cert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/public_key/src/pubkey_cert.erl, pubkey_cert:validate_extensions/7 contain...

CVSS 7, AI score 5.9, EPSS 0.00037
Exploits: 0, References: 7
Microsoft Secure
Added 2026/05/19 3:07 p.m., 10 views

Exposing Fox Tempest: A malware-signing service operation

In this article: 1. Fox Tempest's role and impact; 2. Fox Tempest's malware signing as a service infrastructure; 3. Defending against Fox Tempest-enabled attacks; 4. Microsoft Defender detections; 5. Indicators of compromise.
Fox Tempest is a financially motivated threat actor that operates a...

AI score 5.9
Exploits: 0
PyPA
Added 2026/05/11 6:16 p.m., 13 views

PYSEC-2026-126

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/__init__.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The option "general",...

CVSS 6.8, AI score 5.8, EPSS 0.0002
Exploits: 1, References: 1, Affected Software: 1
CNNVD
Added 2026/05/06 12:00 a.m., 4 views

Incus trust management vulnerability

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained a vulnerability related to trust management. This vulnerability stemmed from flawed TLS verification in the OVN database connection logic. It could allow attackers to...

CVSS 4.8, AI score 5.8, EPSS 0.00011
Exploits: 1, References: 1
Veracode
Added 2026/04/15 10:38 a.m., 6 views

Improper Verification Of Cryptographic Signature

jsrsasign is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to insufficient validation of DSA domain parameters during signature verification, which allows an attacker to craft malicious parameters and forge valid signatures or certificates...

CVSS 9.1, AI score 5.7, EPSS 0.0001
Exploits: 1, References: 4, Affected Software: 1
CVE
Added 2026/04/10 3:07 a.m., 21 views

CVE-2026-5501

CVE-2026-5501 involves wolfSSL’s X509_verify_cert in the OpenSSL compatibility layer. The vulnerability arises when a certificate chain is presented where the leaf’s signature is not checked if an untrusted intermediate (CA:FALSE) signed by a trusted root is supplied. An attacker with any leaf ce...

CVSS 8.6, AI score 6, EPSS 0.00023
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
Added 2026/04/10 12:00 a.m., 3 views

PT-2026-31865

Name of the Vulnerable Software and Affected Versions: wolfSSL versions prior to 5.9.1. Description: The wolfSSL X509_verify_cert function within the OpenSSL compatibility layer does not properly check the signature of a certificate's leaf when an untrusted intermediate certificate with Basic...

CVSS 8.6, AI score 5.8, EPSS 0.00023
Exploits: 0, References: 5
Snyk
Added 2026/04/09 7:11 p.m., 2 views

Improper Verification of Cryptographic Signature

Overview: bsv-wallet implements the BRC-100 standard wallet-to-application interface for the BSV Blockchain. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the acquirecertificate function. An attacker can persist forged certificate...

CVSS 8.6, AI score 5.9, EPSS 0.00011
Exploits: 1, References: 2
Snyk
Added 2026/04/09 7:11 p.m., 0 views

Improper Verification of Cryptographic Signature

Overview: bsv-sdk is a Ruby library for interacting with the BSV Blockchain: keys, scripts, transactions, and more. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the acquirecertificate function. An attacker can persist forged certificat...

CVSS 8.6, AI score 5.9, EPSS 0.00011
Exploits: 1, References: 2
Snyk
Added 2026/04/07 3:30 p.m., 0 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation via improper validation in the certificate renewal process. An attacker can gain unauthorized access to other managed clusters by forging a client certificate that is accepted by the controller. Remediati...

CVSS 8.4, AI score 5.8, EPSS 0.00012
Exploits: 1, References: 2
Snyk
Added 2026/04/07 3:30 p.m., 0 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation via improper validation in the certificate renewal process. An attacker can gain unauthorized access to other managed clusters by forging a client certificate that is accepted by the controller. Remediati...

CVSS 8.4, AI score 5.5, EPSS 0.00012
Exploits: 1, References: 2
RedhatCVE
Added 2026/04/07 2:13 p.m., 0 views

CVE-2026-4740

A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This...

CVSS 8.2, AI score 5.8, EPSS 0.00012
Exploits: 1, References: 4
RedhatCVE
Added 2026/03/23 7:03 a.m., 2 views

CVE-2026-4600

A flaw was found in jsrsasign. An attacker can exploit improper verification of cryptographic signatures by supplying malicious domain parameters during the Digital Signature Algorithm (DSA) validation process. This allows the attacker to forge DSA signatures or X.509 certificates, which would then...

CVSS 9.1, AI score 5.6, EPSS 0.0001
Exploits: 1, References: 7
CVE
Added 2026/03/23 5:00 a.m., 4 views

CVE-2026-4600

CVE-2026-4600 affects the JavaScript library jsrsasign prior to 11.1.1. The vulnerability stems from improper verification of cryptographic signatures due to DSA domain-parameter validation in KJUR.crypto.DSA.setPublic (and related DSA/X509 verification in src/dsa-2.0.js). An attacker can forge D...

CVSS 9.1, AI score 5.8, EPSS 0.0001
Exploits: 1, References: 4, Affected Software: 1
Snyk
Added 2026/03/13 10:41 p.m., 2 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation due to the handling of HTTPS redirects when a proxy is configured and setfollowlocation is enabled. An attacker can intercept sensitive information by presenting a forged, expired, or self-signed...

CVSS 9.1, AI score 5.9, EPSS 0.00035
Exploits: 1, References: 2
OSV
Added 2025/12/15 11:15 a.m., 3 views

UBUNTU-CVE-2025-37731

Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority...

CVSS 7.4, AI score 5.8, EPSS 0.00038
Exploits: 0, References: 3
Veracode
Added 2025/10/31 8:40 a.m., 3 views

Improper Certificate Validation

KubernetesClient is vulnerable to Improper Certificate Validation. The vulnerability is due to inadequate verification of the certificate trust chain, which allows an attacker to present a forged certificate and perform man-in-the-middle attacks or impersonate the Kubernetes API server...

CVSS 6.8, AI score 6.9, EPSS 0.00026
Exploits: 0, References: 5, Affected Software: 1