
143 matches found

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-36415

Malicious code in bioql PyPI...

9.1 CVSS | 6.6 AI score | 0.00545 EPSS
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-6207

Malicious code in bioql PyPI...

9.8 CVSS | 9.2 AI score | 0.00629 EPSS
Exploits 1 | References 7
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2023-2059

Malicious code in bioql PyPI...

9.6 CVSS | 9 AI score | 0.00733 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-53483

Malicious code in bioql PyPI...

4.3 CVSS | 5.1 AI score | 0.00216 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2023-1283

Malicious code in bioql PyPI...

9.9 CVSS | 9.1 AI score | 0.00759 EPSS
Exploits 0 | References 3
Cvelist
added 2025/09/17 7:53 p.m. | 7 views

CVE-2025-59353 Manager generates mTLS certificates for arbitrary IP addresses

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not...

8.7 CVSS | 0.00219 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2025/09/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-7956

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to...

9.8 CVSS | 8.2 AI score | 0.00983 EPSS
Exploits 0 | References 2
Snyk
added 2025/08/19 7:41 a.m. | 2 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation due to improper mTLS configuration handling. An attacker can exploit this misconfiguration to establish unauthorized connections to Redis instances that are intended to require client certificate...

6 CVSS | 5.9 AI score
Exploits 0 | References 2
RedhatCVE
added 2025/05/23 3:1 a.m. | 4 views

CVE-2023-1782

HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3...

9.9 CVSS | 6.8 AI score | 0.00759 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 1:2 a.m. | 9 views

CVE-2022-31733

Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are turned off, then a...

9.1 CVSS | 6.8 AI score | 0.00378 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/02/05 12:40 a.m. | 9 views

CVE-2024-37082

When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications. You are affected if you have route-services enabled in routing-release and have...

9.1 CVSS | 7.1 AI score | 0.00545 EPSS
Exploits 0 | References 1
GithubExploit
added 2025/01/17 12:20 p.m. | 176 views

Exploit for SQL Injection in Microsoft

CVE-2024-43468 SCCM SQL Injection Exploit mTLS client certs f...

9.8 CVSS | 9.8 AI score | 0.60661 EPSS
Exploits 3
OSV
added 2024/12/18 12:31 a.m. | 4 views

GHSA-6MPX-PMGP-WW49 Duplicate Advisory: Keycloak vulnerable to Cleartext Transmission of Sensitive Information

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-g6qq-c9f9-2772. This link is maintained to preserve external references. Original Description: A vulnerability was found in Keycloak. The environment option KC_CACHE_EMBEDDED_MTLS_ENABLED does not work and the JGroup...

5.7 CVSS | 5.7 AI score | 0.00267 EPSS
Exploits 0 | References 10
Veracode
added 2024/12/09 9:59 a.m. | 10 views

Improper Certificate Validation

Keycloak is vulnerable to Improper Certificate Validation. The vulnerability is due to improper handling of reverse proxy configurations with mTLS enabled, allowing an attacker on the local network to impersonate any user or client using mTLS for authentication...

6.5 AI score | 0.00101 EPSS
Exploits 0
Github Security Blog
added 2024/11/25 7:40 p.m. | 59 views

Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination

A vulnerability was found in Keycloak. Deployments of Keycloak with a reverse proxy not using pass-through termination of TLS, with mTLS enabled, are affected. This issue may allow an attacker on the local network to authenticate as any user or client that leverages mTLS as the authentication...

6.8 AI score | 0.00101 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2024/11/25 7:40 p.m. | 2 views

GHSA-93WW-43RR-79V3 Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination

A vulnerability was found in Keycloak. Deployments of Keycloak with a reverse proxy not using pass-through termination of TLS, with mTLS enabled, are affected. This issue may allow an attacker on the local network to authenticate as any user or client that leverages mTLS as the authentication...

7.1 CVSS | 6.2 AI score | 0.00101 EPSS
Exploits 0 | References 3
RedhatCVE
added 2024/11/21 5:24 p.m. | 17 views

CVE-2024-10039

A vulnerability was found in Keycloak. Deployments of Keycloak with a reverse proxy not using pass-through termination of TLS, with mTLS enabled, are affected. This issue may allow an attacker on the local network to authenticate as any user or client that leverages mTLS as the authentication...

7.1 CVSS | 6.6 AI score | 0.00101 EPSS
Exploits 0 | References 3
Wallarm Lab
added 2024/10/18 10:29 a.m. | 8 views

Beyond Passwords: Advanced API Authentication Strategies for Enhanced Security

Passwordless authentication for end users is taking the world by storm, offering organizations and individuals alike unprecedented security, user experience, and efficiency benefits. By all indications, the next generation of authentication for end users has finally arrived, sending the password...

8 AI score
Exploits 0
Tenable Nessus
added 2024/09/10 12:0 a.m. | 8 views

NewStart CGSL MAIN 6.02 : python3 Vulnerability (NS-SA-2024-0053)

The remote NewStart CGSL host, running version MAIN 6.02, has python3 packages installed that are affected by a vulnerability: - Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client...

5.3 CVSS | 7.1 AI score | 0.0079 EPSS
Exploits 0 | References 3
Github Security Blog
added 2024/08/09 8:41 p.m. | 25 views

s2n-tls's mTLS API ordering may skip client authentication

Impact: An API ordering issue in s2n-tls can cause client authentication to unexpectedly not be enabled on the server when it otherwise appears to be. Server applications are impacted if client authentication is enabled by calling s2n_connection_set_config before calling s2n_connection_set_client_auth_typ...

7 AI score
Exploits 0 | References 3 | Affected Software 1