CVE-2026-40243 Incus OVN TLS verification accepts peer-supplied roots and permits endpoint impersonation

Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standard TLS server verification and replace it with...

USN-7961-1: Erlang vulnerability

It was discovered that Erlang incorrectly validated peer certificates when incorrect extended key usage was presented. A remote attacker could possibly use this issue to bypass SSL key usage restrictions...

UBUNTU-CVE-2025-3085

A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of MONGODB-X509, which is not enabled by default, this may lead to...

BIT-NODE-MIN-2021-44532

Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 converts SANs Subject Alternative Names to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used withi...

Apache Pulsar 信任管理问题漏洞

Apache Pulsar is an Apache Foundation distributed messaging platform for cloud environments that integrates messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-room cross-regional data replication, and highly scalable streaming...