614 matches found
CVE-2026-5501 Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates
wolfSSLX509verifycert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf...
CVE-2026-5501
wolfSSLX509verifycert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf...
PT-2026-31865
Name of the Vulnerable Software and Affected Versions wolfSSL versions prior to 5.9.1 Description The wolfSSL X509 verify cert function within the OpenSSL compatibility layer does not properly check the signature of a certificate's leaf when an untrusted intermediate certificate with Basic...
PT-2026-31973
OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message controlled child sessions beyond their authorized scope. Attackers can exploit this by using the send action to communicate with child sessions without proper scope...
wolfSSL 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. There is a security vulnerability in wolfSSL. This vulnerability stems from the wolfSSLX509verifycert function within the OpenSSL...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from the lack of enforcement of controlScope restrictions on sending operations, which could allow leaf agen...
SUSE CVE-2026-33753
rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...
wolfSSL(CyaSSL) 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. wolfSSL CyaSSL contains security vulnerabilities; these vulnerabilities stem from the parsing of URI names during certificate chain...
CVE-2026-33753
rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...
GHSA-3XXC-PWJ6-JGRJ rfc3161-client Has Improper Certificate Validation
Summary An Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw in how the library extracts the leaf certificate from an unordered PKCS7 bag of certificates, an attacker ca...
rfc3161-client Has Improper Certificate Validation
Summary An Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw in how the library extracts the leaf certificate from an unordered PKCS7 bag of certificates, an attacker ca...
CVE-2026-33753 Improper Certificate Validation in rfc3161-client
rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...
CVE-2026-33753
rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006693)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006693 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: output extra debug info if we failed to find an inline backref BUG Syzbot reported several...
PT-2026-31325
Name of the Vulnerable Software and Affected Versions rfc3161-client versions prior to 1.0.6 Description An authorization bypass issue exists in rfc3161-client's signature verification. An attacker can impersonate a trusted TimeStamping Authority TSA by exploiting a flaw in how the library extrac...
CVE-2026-35199
SymCrypt is the core cryptographic function library currently used by Windows. From 103.5.0 to before 103.11.0, The SymCryptXmssSign function passes a 64-bit leaf count value to a helper function that accepts a 32-bit parameter. For XMSS^MT parameter sets with total tree height = 32 which include...
Signature Placement in Post-Quantum TLS Certificate Hierarchies: An Experimental Study of ML-DSA and SLH-DSA in TLS 1.3 Authentication
Post-quantum migration in TLS 1.3 should not be understood as a flat substitution problem in which one signature algorithm is replaced by another and deployment cost is inferred directly from primitive-level benchmarks. In certificate-based authentication, the practical effect of a signature fami...
CVE-2026-35199
SymCrypt is the core cryptographic function library currently used by Windows. From 103.5.0 to before 103.11.0, The SymCryptXmssSign function passes a 64-bit leaf count value to a helper function that accepts a 32-bit parameter. For XMSS^MT parameter sets with total tree height = 32 which include...
CVE-2026-35199
SymCrypt is the core cryptographic function library currently used by Windows. From 103.5.0 to before 103.11.0, The SymCryptXmssSign function passes a 64-bit leaf count value to a helper function that accepts a 32-bit parameter. For XMSS^MT parameter sets with total tree height = 32 which include...
CVE-2026-35199
Summary: CVE-2026-35199 affects the SymCrypt XMSS^MT signing path in Windows. A 64-bit leaf-count is passed to a 32-bit parameter helper, causing silent truncation to zero for XMSS^MT parameter sets with total tree height ≥ 32. This leads to an undersized scratch buffer and a heap buffer overflow...