Lucene search
+L

285 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/14 8:51 p.m.9 views

CVE-2026-44700

Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in...

8.7CVSS5.8AI score0.00255EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/05/14 8:51 p.m.13 views

EUVD-2026-30486

Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in...

8.7CVSS5.8AI score0.00255EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/14 6:48 p.m.61 views

CVE-2026-23998 Fleet has a Windows MDM management endpoint authentication bypass

Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled...

8.2CVSS0.00214EPSS
Exploits0References2
OSV
OSV
added 2026/05/04 7:8 p.m.8 views

GHSA-C839-4QXR-J4X3 Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots

Summary Broken TLS validation logic in the OVN database connection logic could allow connections to an attacker's OVN database. OVN uses mTLS for authentication, so the attacker cannot actually perform a full man in the middle attack as they won't be able to authenticated with the real OVN...

2.3CVSS5.8AI score0.00173EPSS
Exploits1References7
NVD
NVD
added 2026/05/04 6:16 p.m.8 views

CVE-2026-0073

In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...

8.8CVSS0.00541EPSS
Exploits12References1
EUVD
EUVD
added 2026/05/04 6:0 p.m.10 views

EUVD-2026-27041

In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...

8.8CVSS6.2AI score0.00541EPSS
Exploits12References1
Cvelist
Cvelist
added 2026/05/04 6:0 p.m.42 views

CVE-2026-0073

In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...

0.00541EPSS
Exploits12References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 6:0 p.m.9 views

CVE-2026-0073

In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...

8.8CVSS6.2AI score0.00541EPSS
Exploits12References2Affected Software1
Veracode
Veracode
added 2026/05/03 4:52 p.m.16 views

Improper Certificate Validation

Caddy is vulnerable to Improper Certificate Validation. The vulnerability is due to swallowed errors in ClientAuthentication.provision, where failures loading trustedcacertfile or trustedcacertspemfiles are ignored, causing mTLS authentication to fail open and accept any client certificate signed...

9.3CVSS5.8AI score0.00267EPSS
Exploits1References6Affected Software2
OSV
OSV
added 2026/05/01 12:0 a.m.11 views

ASB-A-469080888

In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...

8.8CVSS6.2AI score0.00541EPSS
Exploits12References2
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-40542

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper...

7.3CVSS5.9AI score0.00456EPSS
Exploits0References2
Veracode
Veracode
added 2026/04/28 5:26 p.m.16 views

Improper Authentication

Apache HttpClient is vulnerable to Improper Authentication. The vulnerability is due to a missing verification step in SCRAM-SHA-256 authentication, which allows an attacker to bypass proper mutual authentication checks and be accepted by the client...

7.3CVSS5.3AI score0.00456EPSS
Exploits0References8Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/23 1:23 a.m.8 views

SUSE CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.7AI score0.00456EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/22 9:31 a.m.7 views

EUVD-2026-24630

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.7AI score0.00456EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/22 9:31 a.m.13 views

Apache HttpClient accepts SCRAM-SHA-256 authentication without proper mutual authentication verification

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.2AI score0.00456EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/22 9:31 a.m.6 views

GHSA-V468-QCJX-R72W Apache HttpClient accepts SCRAM-SHA-256 authentication without proper mutual authentication verification

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.8AI score0.00456EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/22 7:7 a.m.6 views

CVE-2026-40542 Apache HttpClient: SCRAM-SHA-256 mutual authentication bypass may cause the client to accept authentication without proper mutual authentication verification

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

5.7AI score0.00456EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/22 7:7 a.m.5 views

CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

5.7AI score0.00456EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/22 7:7 a.m.28 views

CVE-2026-40542

Apache HttpClient 5.6 is affected by a missing step in SCRAM-SHA-256 mutual authentication, allowing a client to accept authentication without proper mutual verification. The issue impacts the 5.6 release and is fixed by upgrading to version 5.6.1. Affected component: Apache HttpClient (Java), v5...

7.3CVSS5.7AI score0.00456EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/04/22 7:7 a.m.39 views

CVE-2026-40542 Apache HttpClient: SCRAM-SHA-256 mutual authentication bypass may cause the client to accept authentication without proper mutual authentication verification

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

0.00456EPSS
Exploits0References1
Rows per page
Query Builder