CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

OSV•added 2026/04/21 12:40 a.m.•6 views

CLEANSTART-2026-AF45008 When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers

Multiple security vulnerabilities affect the nginx package. When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. See references for individual vulnerabili...

9.8CVSS7.1AI score0.944EPSS

Exploits43References33

OSV•added 2026/02/18 12:40 a.m.•4 views

CLEANSTART-2026-ZT77083 When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers

9.8CVSS8.6AI score0.944EPSS

Exploits43References43

OSV•added 2026/01/30 5:14 p.m.•1 views

CLEANSTART-2026-BA37192 When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers

9.8CVSS7.3AI score0.944EPSS

Exploits43References43

CVE•added 2025/12/09 8:12 a.m.•10 views

CVE-2025-41694

PHOENIX CONTACT FL SWITCH (industrial Ethernet switch) is affected by CVE-2025-41694. A low-privileged remote attacker can trigger a webshell with an empty command containing whitespace, causing the server to block and leading to a DoS condition on the websserver. CNNVD/ENISA-ENISA-like entries s...

6.5CVSS6.7AI score0.00146EPSS

Exploits0References1Affected Software1

OSV•added 2025/07/14 6:4 p.m.•1 views

CLSA-2025-1752516250 nginx: Fix of CVE-2025-23419

CVE-2025-23419: fix issue allowing session resumption to bypass client certificate authentication when multiple server blocks share same IP/port...

5.3CVSS6.3AI score0.02857EPSS

Exploits0References1

OSV•added 2025/02/14 12:13 p.m.•1 views

OESA-2025-1134 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication...

5.3CVSS7.1AI score0.02857EPSS

Exploits0References2

SUSE CVE•added 2025/02/14 3:49 a.m.•2 views

SUSE CVE-2025-23419

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

4.3CVSS6AI score0.02857EPSS

Exploits0References7

RedhatCVE•added 2025/02/07 9:13 a.m.•10 views

CVE-2025-23419

A flaw was found in nginx. When name-based virtual hosts are configured to share the same IP address and port combination with TLS 1.3 and OpenSSL, a previously authenticated attacker can use session resumption to bypass client certificate authentication requirements on these servers. This...

4.3CVSS4.7AI score0.02857EPSS

Exploits0References4

OSV•added 2025/02/07 7:15 a.m.•28 views

BIT-NGINX-2025-23419 TLS Session Resumption Vulnerability

5.3CVSS4.9AI score0.02857EPSS

Exploits0References4