126 matches found
CVE-2026-9545 exposing HTTP/3 early data
In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...
CVE-2026-10592
Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...
Fixed in Apache Tomcat 11.0.23
Moderate: Security constraints for default servlet ignored method CVE-2026-55956 If security constraints were specified for the default servlet, any method or method omission configured as part of the constraint was ignored. This was fixed with commit 3f6bd2ba. This issue was reported to the Tomc...
Siemens APE1808 Missing Critical Step in Authentication (CVE-2024-52965)
A missing critical step in authentication vulnerability CWE-304 in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 & FortiProxy version 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.13 and before 7.0.20 allows an API-user...
GL-iNet Comet 安全漏洞
GL-iNet Comet is a portable, multi-functional network device developed by GL-iNet Corporation in China. There is a security vulnerability in GL-iNet Comet, which stems from the lack of certificate verification during the initialization process when connecting to the GL-iNet site. This vulnerabili...
CVE-2020-10659
Entrust Entelligence Security Provider ESP before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where for example a user continues to interact with a web site that has an invalid certificate chain...
EUVD-2006-5789
Malware in sbrugna...
EUVD-2020-23389
Malware in sbrugna...
EUVD-2020-3106
Malware in sbrugna...
EUVD-2000-0514
Malware in sbrugna...
EUVD-2024-54757
Malicious code in bioql PyPI...
PT-2025-38272
Name of the Vulnerable Software and Affected Versions Dragonfly versions prior to 2.1.0 Description A peer can obtain a valid TLS certificate for arbitrary IP addresses, rendering the mTLS authentication ineffective. The Manager’s Certificate gRPC service does not validate if the requested IP...
Linux Distros Unpatched Vulnerability : CVE-2015-5907
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web...
If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS connection with a server that used that certificate, and then deleted the exception, Firefox would have kept the connection alive, making it seem like the certificate was still trusted. This vulnerability affects Firefox < 107.
...
Linux Distros Unpatched Vulnerability : CVE-2025-47279
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are...
CVE-2024-52965
A missing critical step in authentication vulnerability CWE-304 in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 & FortiProxy version 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.13 and before 7.0.20 allows an API-user...
CVE-2024-52965
A missing critical step in authentication vulnerability CWE-304 in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 & FortiProxy version 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.13 and before 7.0.20 allows an API-user...
CVE-2024-52965
A missing critical step in authentication vulnerability CWE-304 in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 & FortiProxy version 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.13 and before 7.0.20 allows an API-user...
CVE-2024-52965
A missing critical step in authentication vulnerability CWE-304 in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 & FortiProxy version 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.13 and before 7.0.20 allows an API-user...
CVE-2024-52965
CVE-2024-52965 describes a missing authentication step in Fortinet FortiOS and FortiProxy that lets an API-user login with an invalid certificate when using api-key + PKI cert authentication. Affected products and versions include FortiOS 7.0.0–7.0.15, 7.2.0–7.2.10, 7.4.0–7.4.5, 7.6.0–7.6.1 and F...