CVE-2026-32253 Sunshine: Authentication bypass via improper client certificate validation

Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because of how OpenSSL verification results are handled. In src/crypto.cpp, the custom verify callback treats X509VERRUNABLETOGETISSUERCERTLOCALLY,...

PT-2026-28169

Name of the Vulnerable Software and Affected Versions Pay versions prior to 3.7.20 Description The verify wechat sign function in src/Functions.php does not properly validate signatures when the Host header in a PSR-7 request is set to localhost. This allows an attacker to bypass the RSA signatur...

SUSE CVE-2025-62375

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...

Linux Distros Unpatched Vulnerability : CVE-2009-0127

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - M2Crypto does not properly check the return value from the OpenSSL EVPVerifyFinal, DSAverify, ECDSAverify, DSAdoverify, and ECDSAdoverify functions, which might...

Linux Distros Unpatched Vulnerability : CVE-2023-24010

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DD...

CVE-2009-0128

plugins/crypto/openssl/cryptoopenssl.c in Simple Linux Utility for Resource Management aka SLURM or slurm-llnl does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS...

CVE-2023-24012

An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...

CVE-2023-24010

An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...

Automattic: Unauthenticated RCE in Vaultpress

Hitting wordpress instalattion with vaultpress on it with get parameter vaultpress=true attacker is one method away from RCE and that method is validateapisignature. In this method we have the following constraints: 1. Firewall 2. Usage recomended of openssl to validate API call In case of disabl...

PHP 5.2.10及之前版本存在多个安全漏洞

Bugraq ID: 36449 PHP是一款流行的网络编程语言。 PHP存在多个未明安全问题，具体如下： -phpopensslapplyverificationpolicy中存在证书校验问题。 -imagecolortransparent对颜色索引缺少充分过滤检查。 -对exif处理缺少充分的过滤检查。 PHP PHP 5.2.10 PHP PHP 5.2.9 -2 PHP PHP 5.2.9 PHP PHP 5.2.8 PHP PHP 5.2.7 PHP PHP 5.2.6 PHP PHP 5.2.5 PHP PHP 5.2.4 PHP PHP 5.2.3 PHP PHP 5.2....

CVE-2009-0130

lib/crypto/csrc/cryptodrv.c in erlang does not properly check the return value from the OpenSSL DSAdoverify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package...

[SECURITY] [DSA 1703-1] New bind9 packages fix cryptographic weakness

------------------------------------------------------------------------ Debian Security Advisory DSA-1703-1 [email protected] http://www.debian.org/security/ Florian Weimer January 12, 2009 http://www.debian.org/security/faq -...