CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/06/15 5:34 p.m.•14 views

GHSA-R7G4-QG5F-QQM2 Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception

Summary Nodemailer disables TLS certificate verification in its internal HTTPS fetch client through the use of rejectUnauthorized: false inside lib/fetch/index.js. As a result, OAuth2 token requests trust invalid or self-signed HTTPS certificates and transmit sensitive OAuth credentials over...

6.5CVSS5.7AI score

Github Security Blog•added 2026/06/15 5:34 p.m.•11 views

Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception

5.6AI score

Exploits0References2Affected Software1

RedhatCVE•added 2026/06/11 2:59 p.m.•11 views

CVE-2026-24066

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the...

OSV•added 2026/06/11 1:2 p.m.•8 views

MAL-2026-5644 Malicious code in self-certificate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a2141f4facbd3abc437287c86971f1b3bb6795fad75990624f735b72139167d The package advertises itself as a self-signed certificate generator, but its main module index.js contains a loadSampleCertificate routine that read...

6.3AI score

NVD•added 2026/06/10 12:16 p.m.•14 views

CVE-2026-24066

8.4CVSS0.00122EPSS

EUVD•added 2026/06/10 11:43 a.m.•8 views

EUVD-2026-36002

Vulnrichment•added 2026/06/10 11:43 a.m.•7 views

CVE-2026-24066 Slate Digital Connect macOS XPC certificate validation privilege escalation

5.4AI score0.00122EPSS

Cvelist•added 2026/06/10 11:43 a.m.•38 views

CVE-2026-24066 Slate Digital Connect macOS XPC certificate validation privilege escalation

0.00122EPSS

CVE•added 2026/06/10 11:43 a.m.•75 views

CVE-2026-24066

Slate Digital Connect 1.37.0 for macOS exposes a privileged helper tool (com.slatedigital.connect.privileged.helper.tool) that serves an XPC service (com.slatedigital.connect.privileged.helper.tool2). The root cause is that the helper validates connecting XPC clients by checking only the subject....

Positive Technologies•added 2026/06/10 12:0 a.m.•12 views

PT-2026-48400

Name of the Vulnerable Software and Affected Versions Slate Digital Connect version 1.37.0 Description The software installs a privileged helper tool, 'com.slatedigital.connect.privileged.helper.tool', which exposes the XPC service 'com.slatedigital.connect.privileged.helper.tool2'. The helper...

8.4CVSS5.2AI score0.00122EPSS

Exploits0References7

CNNVD•added 2026/06/10 12:0 a.m.•10 views

Slate Digital Connect 安全漏洞

Slate Digital Connect is an audio plugin management and licensing client developed by Slate Digital. Version 1.37.0 of Slate Digital Connect contains a security vulnerability. This vulnerability stems from the XPC service verifying the client only based on the subject.OU value of the client’s...

Snyk•added 2026/06/09 6:33 p.m.•5 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in OSSLCMPget1rootCaKeyUpdate. An attacker with credentials that satisfy the CMP message protection checks, such as a Registration Authority, can replace the root CA certificate held by affected CMP clien...

6CVSS5.5AI score0.00262EPSS

EUVD•added 2026/06/09 6:30 p.m.•10 views

EUVD-2026-35482

Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a self-signed trusted anchor, crashing the process. Impact summary: A NULL pointer dereference can...

7.5CVSS5.6AI score0.00419EPSS

Exploits0References4

Positive Technologies•added 2026/06/09 12:0 a.m.•10 views

PT-2026-47835

5.6AI score0.00419EPSS

Exploits0References4

CVE•added 2026/05/26 9:3 p.m.•16 views

CVE-2026-45574

The CVE affects the epa4all-client Java library (for epa4all / ePA 3.0). Before version 1.2.2, a network-path attacker could present any TLS certificate (self-signed/expired/wrong CN) and intercept SOAP traffic, exposing KVNRs, SMC-B authentication/signing, document content, and credential exchan...

8.1CVSS5.8AI score0.00138EPSS

Veracode•added 2026/05/16 5:36 a.m.•7 views

Improper Certificate Validation

rancher is vulnerable to Improper Certificate Validation. The vulnerability is due to the Rancher CLI automatically retrieving and trusting CA certificates from Rancher’s cacerts setting when the -skip-verify flag is used without the --cacert flag, potentially allowing attackers to influence...

8.3CVSS5.8AI score0.00153EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2026/05/15 12:39 p.m.•10 views

CVE-2026-40243

A flaw was found in Incus, a system container and virtual machine manager. The Open Virtual Network OVN database connection logic contains broken Transport Layer Security TLS validation. A remote attacker, by impersonating or intercepting the OVN endpoint on the management network, can present a...

4.8CVSS5.8AI score0.00173EPSS

Exploits1References2

RedhatCVE•added 2026/05/14 7:58 p.m.•6 views

CVE-2026-41132

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in...

8.7CVSS5.8AI score0.00194EPSS