443 matches found
CLEANSTART-2026-PE52216 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions
Multiple security vulnerabilities affect the mongodb package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerability details...
EUVD-2026-21178
URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL woul...
PT-2026-31865
Name of the Vulnerable Software and Affected Versions wolfSSL versions prior to 5.9.1 Description The wolfSSL X509 verify cert function within the OpenSSL compatibility layer does not properly check the signature of a certificate's leaf when an untrusted intermediate certificate with Basic...
Linux Distros Unpatched Vulnerability : CVE-2026-5501
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSLX509verifycert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an...
CVE-2026-5263
URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL woul...
DEBIAN-CVE-2026-5263
URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL woul...
CVE-2026-5263 URI nameConstraints not enforced in ConfirmNameConstraints()
URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL woul...
CVE-2026-5263
URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL woul...
wolfSSL(CyaSSL) 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. wolfSSL CyaSSL contains security vulnerabilities; these vulnerabilities stem from the parsing of URI names during certificate chain...
DEBIAN-CVE-2026-32280
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls...
CVE-2026-32280 Unexpected work during chain building in crypto/x509
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls...
CVE-2026-32280
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls...
CVE-2026-32280
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls...
GO-2026-4947 Unexpected work during chain building in crypto/x509
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls...
PT-2026-31061
Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description An issue exists in the way certificate chains are processed, specifically during chain building. The amount of work performed isn't properly limited when a large number of intermediate certificates are provide...
CVE-2026-34071
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a...
Digital Bazaar Forge 信任管理问题漏洞
Digital Bazaar Forge is a native implementation of TLS in JavaScript by the American company Digital Bazaar, and it is an open-source tool used for developing encrypted and network-intensive web applications. Versions of Digital Bazaar Forge prior to 1.4.0 had a trust management vulnerability. Th...
Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
Summary pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions. This allows any leaf certificate without these extensions to act as a CA and sign other certificates, which node-for...
GHSA-2328-F5F3-GJ25 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
Summary pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions. This allows any leaf certificate without these extensions to act as a CA and sign other certificates, which node-for...
CVE-2026-34071 Stirling-PDF has Stored Cross Site Scripting (XSS) via EML-to-HTML Export
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a...