Lucene search
K

84 matches found

SUSE CVE
SUSE CVE
added 2026/06/13 2:21 a.m.15 views

SUSE CVE-2026-34181

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

3.1CVSS5.5AI score0.00196EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/10 5:44 a.m.36 views

CVE-2026-29114

A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain...

2.3CVSS0.0019EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 5:17 p.m.7 views

ALPINE-CVE-2026-34181

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

7.4CVSS5.6AI score0.00196EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:3 p.m.8 views

CVE-2026-34181 PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

5.6AI score0.00196EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/09 4:3 p.m.33 views

CVE-2026-34181 PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

0.00196EPSS
Exploits0References5
CVE
CVE
added 2026/06/09 4:3 p.m.59 views

CVE-2026-34181

The CVE-2026-34181 issue affects PKCS#12 file processing in OpenSSL where insufficient input validation for PBMAC1 allows forging certificates and private keys. An attacker impersonating a user could cause a service that reads PKCS#12 files to accept forged certificates and keys with about a 1 in...

7.4CVSS5.6AI score0.00196EPSS
Exploits0References5Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.9 views

CVE-2026-34181

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

7.4CVSS5.6AI score0.00196EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.8 views

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained a security vulnerability. This vulnerability stemmed from the buildSpCertificateStore function, which directly extracted X.509...

9.1CVSS5.8AI score0.00201EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.12 views

FreeBSD : Erlang/OTP -- public_key accepts non-CA certificate as intermediate issuer (9357a450-5a54-11f1-b886-4c526214c986)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9357a450-5a54-11f1-b886-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-c99q-jmpx-v8qq reports: Erlang/OTP's publickey...

8CVSS5.7AI score0.00322EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2026/05/27 12:0 a.m.14 views

Erlang/OTP -- public_key accepts non-CA certificate as intermediate issuer

https://github.com/erlang/otp/security/advisories/GHSA-c99q-jmpx-v8qq reports: Erlang/OTP's publickey application contains a path-validation flaw where non-CA certificates lacking keyUsage extensions can be accepted as intermediate issuers. An attacker with an end-entity certificate issued by a...

8CVSS5.9AI score0.00322EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.11 views

PT-2026-43712

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 26.2.5.20 Erlang OTP versions 27.x prior to 27.3.4.12 Erlang OTP versions 28.x prior to 28.5.0.1 Erlang OTP versions 29.x prior to 29.0.1 public key versions 0.22 through 1.15.1.6 public key versions 1.17.x pri...

7CVSS5.9AI score0.00322EPSS
Exploits0References28
Microsoft Secure
Microsoft Secure
added 2026/05/19 3:7 p.m.17 views

Exposing Fox Tempest: A malware-signing service operation

In this article 1. Fox Tempest’s role and impact 2. Fox Tempest’s malware signing as a service infrastructure 3. Defending against Fox Tempest-enabled attacks 4. Microsoft Defender detections 5. Indicators of compromise Fox Tempest is a financially motivated threat actor that operates a...

5.9AI score
Exploits0
PyPA
PyPA
added 2026/05/11 6:16 p.m.15 views

PYSEC-2026-126

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The option "general",...

6.8CVSS5.8AI score0.00174EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.10 views

Incus 信任管理问题漏洞

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained a vulnerability related to trust management. This vulnerability stemmed from a corrupted TLS verification logic in the OVN database connection logic. It could allow attackers to...

4.8CVSS5.8AI score0.00173EPSS
Exploits1References1
Veracode
Veracode
added 2026/04/15 10:38 a.m.11 views

Improper Verification Of Cryptographic Signature

jsrsasign is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to insufficient validation of DSA domain parameters during signature verification, which allows an attacker to craft malicious parameters and forge valid signatures or certificates...

9.1CVSS5.7AI score0.00225EPSS
Exploits1References14Affected Software1
CVE
CVE
added 2026/04/10 3:7 a.m.52 views

CVE-2026-5501

CVE-2026-5501 involves wolfSSL’s X509_verify_cert in the OpenSSL compatibility layer. The vulnerability arises when a certificate chain is presented where the leaf’s signature is not checked if an untrusted intermediate (CA:FALSE) signed by a trusted root is supplied. An attacker with any leaf ce...

8.6CVSS6AI score0.00184EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.7 views

PT-2026-31865

Name of the Vulnerable Software and Affected Versions wolfSSL versions prior to 5.9.1 Description The wolfSSL X509 verify cert function within the OpenSSL compatibility layer does not properly check the signature of a certificate's leaf when an untrusted intermediate certificate with Basic...

8.6CVSS5.8AI score0.00184EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/09 7:11 p.m.7 views

Improper Verification of Cryptographic Signature

Overview bsv-wallet is an Implements the BRC-100 standard wallet-to-application interface for the BSV Blockchain. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the acquirecertificate function. An attacker can persist forged certificate...

8.6CVSS5.9AI score0.00135EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 7:11 p.m.4 views

Improper Verification of Cryptographic Signature

Overview bsv-sdk is an A Ruby library for interacting with the BSV Blockchain — keys, scripts, transactions, and more. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the acquirecertificate function. An attacker can persist forged certificat...

8.6CVSS5.9AI score0.00135EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/07 3:30 p.m.4 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via improper validation in the certificate renewal process. An attacker can gain unauthorized access to other managed clusters by forging a client certificate that is accepted by the controller. Remediati...

8.4CVSS5.5AI score0.00112EPSS
Exploits1References2
Rows per page
Query Builder