CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

EUVD•added 2026/04/10 12:30 a.m.•2 views

EUVD-2026-21178

URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL woul...

7CVSS5.9AI score0.00152EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•6 views

EUVD-2022-6870

Malicious code in bioql PyPI...

6.5CVSS6.8AI score0.00827EPSS

Exploits0References14

OSV•added 2024/03/06 10:51 a.m.•35 views

BIT-CONSUL-2022-40716

HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."...

6.5CVSS6.5AI score0.00827EPSS

Exploits0References6

RedhatCVE•added 2022/12/29 4:4 a.m.•42 views

CVE-2022-40716

A flaw was found in the HashiCorp Consul package. In the affected versions of this package, a specially crafted CSR sent directly to Consul’s internal server agent RPC endpoint can include multiple SAN URI values with additional service names...

6.5CVSS2.5AI score0.00827EPSS

Exploits0References4

Veracode•added 2022/09/27 1:8 p.m.•33 views

Authentication Bypass

github.com/hashicorp/consul is vulnerable to authentication bypass. The vulnerability exists in autoconfigendpoint.go and leaderconnectca.go because the URI length checks are not added to CSR requests which allows an attacker to designate multiple SAN URI values in a call to the endpoint...

6.5CVSS6.8AI score0.00827EPSS

Exploits0References18Affected Software2