CVE-2026-33248
The connected advisory for CVE-2026-33248 concerns NATS: an authentication bypass issue in mTLS verify_and_map where certain Subject DN patterns could bypass client identity verification. Affected product is NATS Server; impact is authentication bypass under specific DN patterns, requiring a vali...
CVE-2026-27134 Strimzi: All CAs from a custom CA chain consisting of multiple CAs are trusted for mTLS user authentication
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple CAs, Strimzi incorrectly configures the trusted...
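The Strimzi entry above describes a truststore built from a multi-CA chain in which every CA becomes a trust anchor, so a client certificate issued by a sibling CA under the same root is accepted for user authentication. The Go program below is an added example, not Strimzi or Kafka code: it builds an in-memory hierarchy root-ca -> {clients-ca, cluster-ca}, issues a user certificate "alice" from each intermediate, and compares the handshake decision when the whole bundle is trusted against when only the issuing Clients CA is trusted. The CA names, serial numbers, and lifetimes are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// caPair is a certificate plus the key that signs with it (all generated in memory here).
type caPair struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// certTemplate builds a CA template (isCA) or a client-auth user template.
func certTemplate(cn string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if isCA {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	return t
}

// issue signs tmpl with parent; a nil parent produces a self-signed root.
func issue(tmpl *x509.Certificate, parent *caPair) (*caPair, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	signerCert, signerKey := tmpl, key
	if parent != nil {
		signerCert, signerKey = parent.cert, parent.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &caPair{cert: cert, key: key}, nil
}

// acceptsClient is the truststore decision a broker makes during the mTLS handshake:
// does leaf chain to one of the anchors, given the intermediates the client sent along?
func acceptsClient(leaf *x509.Certificate, anchors, sent []*x509.Certificate) bool {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range anchors {
		roots.AddCert(c)
	}
	for _, c := range sent {
		inter.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inter,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err == nil
}

// demo compares two truststores: the whole CA bundle versus only the CA that is
// supposed to issue user certificates. "alice" issued by cluster-ca is the impostor.
func demo() (bundleAcceptsImpostor, issuerOnlyAcceptsUser, issuerOnlyAcceptsImpostor bool, err error) {
	mk := func(cn string, serial int64, isCA bool, parent *caPair) *caPair {
		if err != nil {
			return nil // an earlier issuance failed; err is reported by demo
		}
		var p *caPair
		p, err = issue(certTemplate(cn, serial, isCA), parent)
		return p
	}
	root := mk("root-ca", 1, true, nil)
	clientsCA := mk("clients-ca", 2, true, root)
	clusterCA := mk("cluster-ca", 3, true, root)
	user := mk("alice", 4, false, clientsCA)
	impostor := mk("alice", 5, false, clusterCA) // same CN, wrong issuer
	if err != nil {
		return
	}
	bundle := []*x509.Certificate{root.cert, clientsCA.cert, clusterCA.cert}
	issuerOnly := []*x509.Certificate{clientsCA.cert}
	bundleAcceptsImpostor = acceptsClient(impostor.cert, bundle, nil)
	issuerOnlyAcceptsUser = acceptsClient(user.cert, issuerOnly, nil)
	issuerOnlyAcceptsImpostor = acceptsClient(impostor.cert, issuerOnly, []*x509.Certificate{clusterCA.cert, root.cert})
	return
}

func main() {
	a, b, c, err := demo()
	fmt.Println(a, b, c, err) // true true false <nil>
}
```

The practical check this encodes: a truststore used for user authentication should contain exactly the CA(s) that issue user certificates, never a parent root or a sibling CA that issues certificates for other purposes, because any certificate those CAs sign (here, the cluster-ca-issued "alice") would otherwise pass the handshake and be mapped to a user.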
EUVD-2024-36415
Malicious code in bioql PyPI...
EUVD-2023-1672
Malicious code in bioql PyPI...
EUVD-2023-2059
Malicious code in bioql PyPI...
CVE-2024-37082
When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications. You are affected if you have route-services enabled in routing-release and have...
Exploit for SQL Injection in Microsoft
CVE-2024-43468 SCCM SQL Injection Exploit mTLS client certs f...
Improper Certificate Validation
Keycloak is vulnerable to Improper Certificate Validation. The vulnerability is due to improper handling of reverse proxy configurations with mTLS enabled, allowing an attacker on the local network to impersonate any user or client using mTLS for authentication...
CVE-2024-37082
CVE-2024-37082 affects Cloud Foundry when deployed with the haproxy-boshrelease and non-default configuration, allowing HTTP requests to bypass mTLS against CF applications if route-services are enabled and ha_proxy.forwarded_client_cert is set to forward_only_if_route_service. Affected setup: Ro...
CVE-2024-37082 - mTLS bypass | Cloud Foundry
Severity CRITICAL Vendor CloudFoundry Foundation Versions Affected Routing Release 10.6.0 Description When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud...
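The Cloud Foundry entries above state only that crafted HTTP requests bypass mTLS when ha_proxy.forwarded_client_cert is set to forward_only_if_route_service. The class of bug behind a setting with that name is an edge proxy forwarding a client-identity header (X-Forwarded-Client-Cert, XFCC) on a condition the sender controls, instead of always deriving it from the TLS handshake of the current hop. The Go program below is an added example, not code from Cloud Foundry, haproxy-boshrelease, or routing-release: the X-Example-Route-Service marker header, the Envoy-style `Subject="..."` XFCC field the backend parses, and the two policy names are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

const xfccHeader = "X-Forwarded-Client-Cert"

// routeServiceMarker is a hypothetical header standing in for whatever signal a proxy
// uses to decide "this hop came from a route service". The point is that it is request
// data, so a client can set it.
const routeServiceMarker = "X-Example-Route-Service"

type xfccPolicy int

const (
	forwardOnlyIfRouteService xfccPolicy = iota // keeps a client-supplied XFCC on a spoofable condition
	alwaysSanitize                              // XFCC is derived only from this hop's TLS handshake
)

// identityFromTLS returns the Subject of the client certificate verified on this hop, if any.
func identityFromTLS(r *http.Request) (string, bool) {
	if r.TLS == nil || len(r.TLS.PeerCertificates) == 0 {
		return "", false
	}
	return r.TLS.PeerCertificates[0].Subject.String(), true
}

// prepareUpstream rewrites XFCC before the proxy hands the request to the application.
func prepareUpstream(r *http.Request, policy xfccPolicy) {
	subject, hasCert := identityFromTLS(r)
	switch policy {
	case forwardOnlyIfRouteService:
		// Vulnerable shape: an inbound XFCC survives when the request claims to come from
		// a route service. A client with no certificate at all can set both headers itself.
		if r.Header.Get(routeServiceMarker) == "" {
			r.Header.Del(xfccHeader)
		}
	case alwaysSanitize:
		// Hardened shape: whatever the client sent is dropped; only verified identity is forwarded.
		r.Header.Del(xfccHeader)
	}
	if hasCert {
		r.Header.Set(xfccHeader, fmt.Sprintf("Subject=%q", subject))
	}
}

// appIdentity is what a backend that trusts XFCC would treat as the authenticated caller
// (Envoy-style `Subject="..."` field assumed). Empty means unauthenticated.
func appIdentity(r *http.Request) string {
	for _, field := range strings.Split(r.Header.Get(xfccHeader), ";") {
		if strings.HasPrefix(field, "Subject=") {
			return strings.Trim(strings.TrimPrefix(field, "Subject="), `"`)
		}
	}
	return ""
}

// spoofedRequest is a constructed plain-HTTP request (no TLS, no client certificate)
// carrying a forged XFCC and the route-service marker.
func spoofedRequest() *http.Request {
	r := httptest.NewRequest(http.MethodGet, "http://app.example/admin", nil)
	r.Header.Set(xfccHeader, `Subject="CN=admin,O=example"`)
	r.Header.Set(routeServiceMarker, "1")
	return r
}

// identitySeenByApp runs the proxy step under policy and returns the identity the app sees.
func identitySeenByApp(policy xfccPolicy) string {
	r := spoofedRequest()
	prepareUpstream(r, policy)
	return appIdentity(r)
}

func main() {
	fmt.Printf("forward-only-if-route-service: app sees %q\n", identitySeenByApp(forwardOnlyIfRouteService))
	fmt.Printf("always-sanitize:               app sees %q\n", identitySeenByApp(alwaysSanitize))
}
```

The check to run against a real deployment follows the same shape: send a request with no client certificate but with a hand-written XFCC header and whatever route-service indicators the proxy looks at, and confirm the application sees no identity. If it sees the forged subject, the proxy is forwarding client-controlled identity.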
CVE-2023-2422
A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to...
Authorization
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar...
PT-2023-22686 · Apache · Apache Pulsar
Name of the Vulnerable Software and Affected Versions: Apache Pulsar versions prior to 2.10.4 Apache Pulsar version 2.11.0 Description: The issue affects Apache Pulsar when a client connects to the Pulsar Function Worker via the Pulsar Proxy, which uses mTLS authentication. The Pulsar Function...
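The two Pulsar entries above are truncated before the mechanism. The pattern they belong to is a component behind an mTLS-authenticated proxy authorizing the proxy's own identity instead of the end client's forwarded identity; that the Function Worker failed in exactly this way is an assumption here, not something the listing states. The Go program below is an added example, not Apache Pulsar code: it shows the flawed decision beside one that resolves the effective principal and also rejects a non-proxy client asserting an original principal of its own choosing. The role names, actions, and grant table are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// proxyRoles are the identities allowed to act on behalf of another principal. In a
// Pulsar-style setup this is the proxy's mTLS role; the name "proxy" is assumed here.
var proxyRoles = map[string]bool{"proxy": true}

// grants is a constructed permission table: role -> allowed actions.
var grants = map[string]map[string]bool{
	"proxy": {"functions:create": true, "functions:list": true, "functions:delete": true},
	"alice": {"functions:list": true},
}

var (
	errMissingPrincipal = errors.New("proxy role must forward the original principal")
	errForgedPrincipal  = errors.New("only proxy roles may assert an original principal")
)

// authorizeByConnectionRole is the flawed shape: it checks the TLS peer on the incoming
// connection. Behind a proxy that peer is always the proxy, so every client inherits the
// proxy's permissions regardless of who they are.
func authorizeByConnectionRole(connRole, originalPrincipal, action string) bool {
	return grants[connRole][action]
}

// authorizeByEffectiveRole resolves who actually asked: the forwarded original principal
// when the connection belongs to a proxy role, otherwise the connection's own role. A
// non-proxy connection that carries an original principal is refused outright.
func authorizeByEffectiveRole(connRole, originalPrincipal, action string) (bool, error) {
	effective := connRole
	if proxyRoles[connRole] {
		if originalPrincipal == "" {
			return false, errMissingPrincipal
		}
		effective = originalPrincipal
	} else if originalPrincipal != "" {
		return false, errForgedPrincipal
	}
	return grants[effective][action], nil
}

func main() {
	// Constructed scenario: alice connects through the proxy and asks to delete a function.
	fmt.Println("connection role:", authorizeByConnectionRole("proxy", "alice", "functions:delete"))
	ok, err := authorizeByEffectiveRole("proxy", "alice", "functions:delete")
	fmt.Println("effective role: ", ok, err)
}
```

The second rejection branch matters as much as the first: once a proxy role is allowed to name an original principal, any component that accepts that field from an ordinary client has simply moved the impersonation one hop closer.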
Improper Certificate Validation
org.keycloak:keycloak-services is vulnerable to Improper Certificate Validation. The vulnerability exists in the authenticateClient function of X509ClientAuthenticator.java because it does not properly verify the client certificates when the application is configured to support mTLS authenticatio...
Design/Logic Flaw
The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead o...
CVE-2022-32290
The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead o...
CVE-2022-32290
CVE-2022-32290 affects Northern.tech Mender client versions 3.2.0–3.2.2. The issue is incorrect access control where the Mender Client exposes an HTTP proxy on a non-localhost TCP port across all network interfaces. This allows any device on the same network to connect to the proxy and forward AP...