CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

298 matches found

Hacker One•added 2026/05/21 7:5 a.m.•17 views

curl: curl GnuTLS backend accepts a clientAuth-only certificate for HTTPS server authentication

Summary: When curl/libcurl is built with the GnuTLS backend, the current HTTPS server-certificate validation path verifies the trust chain and hostname but does not enforce TLS server Extended Key Usage semantics. As a result, a leaf certificate that chains to a trusted CA, matches the requested...

5.9AI score

Exploits0

NVD•added 2026/05/13 4:17 p.m.•4 views

CVE-2026-8367

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS0.00021EPSS

Exploits0References1

Debian CVE•added 2026/05/13 2:55 p.m.•2 views

CVE-2026-8367

4.8CVSS5.8AI score0.00021EPSS

Exploits0

Vulnrichment•added 2026/04/29 8:15 p.m.•1 views

CVE-2026-1858 wget2 Improper Certificate Validation

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.2AI score0.00011EPSS

Exploits1References1

Ubuntu•added 2026/04/08 11:57 a.m.•2 views

USN-8155-1: OpenSSL vulnerabilities

Viktor Dukhovni discovered that OpenSSL incorrectly negotiated the expected preferred key exchange group when used as a TLS 1.3 server. This could result in a less preferred key exchange being used, contrary to expectations. This issue only affected Ubuntu 25.10. CVE-2026-2673 Igor Morgenstern...

9.8CVSS6.2AI score0.0014EPSS

Exploits0

RedHat Linux•added 2026/02/17 12:48 a.m.•1 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS7.1AI score0.00056EPSS

Exploits0References5

Tenable Nessus•added 2026/01/16 12:0 a.m.•4 views

MiracleLinux 7 : erlang-18.3.4.7-1.0.1.el7.AXS7 (AXSA:2017-2480:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2017-2480:01 advisory. The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS 1 1.5 padding. This allows an attacker to decrypt conten...

5.9CVSS6.6AI score0.83321EPSS

Exploits0References2

OSV•added 2026/01/15 9:16 p.m.•0 views

CVE-2026-21907

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper Networks Junos Space allows the use of static key ciphers ssl-static-key-ciphers, reducing the confidentiality of on-path traffic communicated across the connection. These ciphers also do not support...

5.9CVSS5.8AI score

Exploits0References2