Lucene search
K

9 matches found

CVE
CVE
added 2026/06/23 7:13 p.m.9 views

CVE-2026-53622

CVE-2026-53622 concerns Traefik’s HTTP/3 (QUIC) TLS configuration selection. When HTTP/3 is enabled, the TLS handshake uses an exact, case-sensitive lookup of the SNI to choose a TLS config, which fails to match wildcard hosts or mixed-case hostnames. If a router enforces mTLS via TLSOptions and ...

10CVSS5.9AI score0.0024EPSS
Exploits1References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.2 views

Traefik < 2.11.41 / 3.x < 3.6.11 Multiple Vulnerabilities

The version of Traefik installed on the remote macOS host is prior to 2.11.41 or 3.x prior to 3.6.11. It is, therefore, affected by multiple vulnerabilities: - mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across...

8.3CVSS6.4AI score0.00405EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/03/20 10:1 a.m.4 views

CVE-2026-32305

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records,...

7.8CVSS5.8AI score0.00405EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2026/03/19 12:0 a.m.9 views

traefik -- Multiple vulnerabilities

The traefik project releases a new version addressing multiple CVEs: CVE-2026-32595 BasicAuth Middleware Timing Attack CVE-2026-32305 Potential mTLS Bypass via Fragmented TLS ClientHello CVE-2026-32695 Details not yet available...

8.3CVSS5.8AI score0.00463EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/02/26 12:24 a.m.5 views

SUSE CVE-2026-27586

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...

9.3CVSS5.8AI score0.00267EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/01/08 12:31 a.m.9 views

wolfSSL Python module vulnerable to Improper Authentication

A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...

9.3CVSS6.8AI score0.00272EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/01/08 12:15 a.m.9 views

CVE-2025-15346

A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...

9.3CVSS0.00272EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-53483

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00216EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/03 6:8 a.m.23 views

CVE-2024-37082

When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications. You are affected if you have route-services enabled in routing-release and have...

9.1CVSS0.00545EPSS
Exploits0References1
Rows per page
Query Builder