Lucene search
+L

463 matches found

nvd
nvd
added 2026/07/01 3:16 p.m.8 views

CVE-2026-12374

Improper certificate validation and a time-of-check time-of-use TOCTOU race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller...

7.3CVSS0.00055EPSS
Exploits0References1
euvd
euvd
added 2026/07/01 2:7 p.m.6 views

EUVD-2026-41001

Improper certificate validation and a time-of-check time-of-use TOCTOU race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller...

7.3CVSS5.8AI score0.00055EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/01 2:7 p.m.6 views

CVE-2026-12374

Improper certificate validation and a time-of-check time-of-use TOCTOU race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller...

7.3CVSS5.8AI score0.00055EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.8 views

PT-2026-54619

Name of the Vulnerable Software and Affected Versions Cato Client versions prior to 5.13.1 Description The PrivilegedHelperTool XPC service on macOS contains improper certificate validation and a time-of-check time-of-use TOCTOU race condition. A TOCTOU race condition occurs when a program checks...

7.3CVSS6.1AI score0.00055EPSS
Exploits0References3
nessus
nessus
added 2026/06/30 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-40941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which...

7.1CVSS6.7AI score0.00159EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/26 7:18 a.m.7 views

CVE-2026-40941

A flaw was found in Cacti, an open-source performance and fault management framework. This vulnerability allows a remote attacker to bypass the package import signature validation. By exploiting this flaw, an attacker can import self-signed packages, potentially leading to the execution of...

8.8CVSS6AI score0.00159EPSS
Exploits0References6
osv
osv
added 2026/06/25 11:17 p.m.3 views

DEBIAN-CVE-2026-40941

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31...

6.5CVSS5.7AI score0.00159EPSS
Exploits0References1
nvd
nvd
added 2026/06/25 11:17 p.m.17 views

CVE-2026-40941

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31...

7.1CVSS0.00159EPSS
Exploits0References3
osv
osv
added 2026/06/25 11:17 p.m.4 views

UBUNTU-CVE-2026-40941

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31...

7.1CVSS5.7AI score0.00159EPSS
Exploits0References6
debiancve
debiancve
added 2026/06/25 11:1 p.m.8 views

CVE-2026-40941

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31...

7.1CVSS5.8AI score0.00159EPSS
Exploits0
attackerkb
attackerkb
added 2026/06/25 11:1 p.m.8 views

CVE-2026-40941

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31...

7.1CVSS5.7AI score0.00159EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2026/06/25 11:1 p.m.30 views

CVE-2026-40941 Cacti: Package Import Signature Validation Bypass Allows Self-Signed Packages

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31...

7.1CVSS0.00159EPSS
Exploits0References3
osv
osv
added 2026/06/25 11:1 p.m.3 views

CVE-2026-40941 Cacti: Package Import Signature Validation Bypass Allows Self-Signed Packages

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31...

7.1CVSS6.5AI score0.00159EPSS
Exploits0References5
cve
cve
added 2026/06/25 11:1 p.m.26 views

CVE-2026-40941

CVE-2026-40941 affects Cacti up to version 1.2.30 and is caused by a package import signature validation bypass that allows the use of self-signed packages. The issue has been fixed in version 1.2.31. Affected software is Cacti (open source performance and fault management framework). Remediation...

7.1CVSS5.7AI score0.00159EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/06/25 8:17 p.m.4 views

DEBIAN-CVE-2026-55964

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...

5.3CVSS5.8AI score0.00118EPSS
Exploits0References1
cve
cve
added 2026/06/25 7:30 p.m.19 views

CVE-2026-55964

CVE-2026-55964 describes a change in certificate path validation affecting OpenSSL-compatibility path building (X509_verify_cert / X509_STORE). Previously, chain-supplied temporary CAs (WOLFSSL_TEMP_CA) could be accepted as signing CAs even if the intermediate CA had CA:TRUE but lacked keyCertSig...

6.3CVSS5.9AI score0.00118EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.11 views

PT-2026-52628

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. The software contains a package import signature validation bypass that allows the use of self-signed packages. Recommendations Upda...

7.1CVSS5.8AI score0.00159EPSS
Exploits0References11
github
github
added 2026/06/15 5:34 p.m.32 views

Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception

Summary Nodemailer disables TLS certificate verification in its internal HTTPS fetch client through the use of rejectUnauthorized: false inside lib/fetch/index.js. As a result, OAuth2 token requests trust invalid or self-signed HTTPS certificates and transmit sensitive OAuth credentials over...

5.6AI score
Exploits0References2Affected Software1
osv
osv
added 2026/06/15 5:34 p.m.30 views

GHSA-R7G4-QG5F-QQM2 Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception

Summary Nodemailer disables TLS certificate verification in its internal HTTPS fetch client through the use of rejectUnauthorized: false inside lib/fetch/index.js. As a result, OAuth2 token requests trust invalid or self-signed HTTPS certificates and transmit sensitive OAuth credentials over...

6.5CVSS5.7AI score
Exploits0References2
redhatcve
redhatcve
added 2026/06/11 2:59 p.m.14 views

CVE-2026-24066

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the...

8.4CVSS5.4AI score0.00122EPSS
Exploits1References1
Rows per page
Query Builder