Lucene search
+L

285 matches found

CNNVD
CNNVD
added 2026/04/22 12:0 a.m.13 views

Apache HttpClient 安全漏洞

Apache HttpClient is a Java-based client program developed by the Apache Foundation for accessing HTTP resources. It is used to interact with network resources via the HTTP protocol. Version 5.6 of Apache HttpClient contained a security vulnerability, which stemmed from the omission of a critical...

7.3CVSS5.8AI score0.00456EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34264

Name of the Vulnerable Software and Affected Versions Apache HttpClient version 5.6 Description A missing critical step in authentication allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Recommendations Upgrade to...

7.3CVSS5.2AI score0.00456EPSS
Exploits0References10
NVD
NVD
added 2026/04/21 10:16 p.m.8 views

CVE-2026-40944

Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates e.g., intermediate + root CA, only the first certificate is loaded...

6.9CVSS0.0016EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/21 9:14 p.m.32 views

CVE-2026-40944 Oxia: TLS CA certificate chain validation fails with multi-certificate PEM bundles

Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates e.g., intermediate + root CA, only the first certificate is loaded...

6.9CVSS0.0016EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 5:21 p.m.5 views

CVE-2026-4837

An eval injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS mTLS to verify commands from the Rapid7 Platform, it is...

7.2CVSS0.0041EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 3:59 p.m.3 views

CVE-2026-4837 Eval Injection in Rapid7 Insight Agent

An eval injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS mTLS to verify commands from the Rapid7 Platform, it is...

6.6CVSS6.5AI score0.0041EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/07 6:31 p.m.13 views

Apache Cassandra is vulnerable to privilege escalation in an mTLS environment using MutualTlsAuthenticator

Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via ADD IDENTITY. Users are...

8.8CVSS5.9AI score0.00263EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/31 12:0 a.m.6 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-33413)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-33413 advisory. - etcd is a distributed key-value store for the data of a distributed system. Prior to versions...

8.8CVSS6AI score0.00249EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/26 5:7 p.m.4 views

SUSE CVE-2026-33248

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

4.2CVSS5.8AI score0.00143EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/03/25 8:18 p.m.8 views

CVE-2026-33248

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

4.2CVSS5.8AI score0.00143EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/22 12:23 a.m.5 views

SUSE CVE-2026-32305

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records,...

5.3CVSS5.9AI score0.00405EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/20 3:43 p.m.11 views

Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config

Summary There is a potential vulnerability in Traefik's TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records, Traefik's SNI extraction may fail with an EOF and return an empty SNI. The TCP router then falls back to the...

8.3CVSS5.8AI score0.00405EPSS
Exploits0References6Affected Software3
EUVD
EUVD
added 2026/03/20 3:43 p.m.5 views

EUVD-2026-13663

Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config...

7.8CVSS5.8AI score0.00405EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/20 12:43 p.m.4 views

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in the SNI extraction when handling fragmented TLS ClientHello packets. An attacker can gain unauthorized access to services protected by mutual TLS by sending a fragmented ClientHello, causin...

10CVSS5.8AI score0.00405EPSS
Exploits0References2
NVD
NVD
added 2026/03/20 11:18 a.m.6 views

CVE-2026-32305

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records,...

8.3CVSS0.00405EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/03/20 10:11 a.m.6 views

SUSE CVE-2025-59353

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager's Certificate gRPC service does not...

7.5CVSS7.4AI score0.00219EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/20 10:1 a.m.26 views

CVE-2026-32305 Traefik mTLS bypass via fragmented ClientHello SNI extraction failure

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records,...

7.8CVSS0.00405EPSS
Exploits0References4
OSV
OSV
added 2026/03/20 10:1 a.m.3 views

CVE-2026-32305 Traefik mTLS bypass via fragmented ClientHello SNI extraction failure

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records,...

7.8CVSS5.9AI score0.00405EPSS
Exploits0References11
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/24 7:8 p.m.7 views

Security Bulletin: Vulnerabilities in jersey-client-3.1.0.jar affecting MongoDB Enterprised Advanced (CVE-2025-12383)

Summary There is a vulnerability in jersey-client-3.1.0.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-12383. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cau...

9.4CVSS5.5AI score0.00284EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/02/24 4:8 p.m.21 views

CVE-2026-27586 Caddy's mTLS client authentication silently fails open when CA certificate file is missing or malformed

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...

9.3CVSS0.00267EPSS
Exploits1References3
Rows per page
Query Builder