CVE-2026-42790

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeycert and publickey modules allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...

CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...

EUVD-2026-31326

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests for general-purpose outbound HTTPS requests issued by the shared helper functions. An...

curl: CURLOPT_PROXY_CAINFO_BLOB silently activates native CA store on Apple builds

Hi all, CURLOPTPROXYCAINFOBLOB introduced 7.77.0 never sets proxyssl.customcablob. On USEAPPLESECTRUST / CURLCANATIVE builds this causes curl to silently fall back to the system keychain for proxy TLS verification, nullifying the caller's blob-only trust policy. --- Root cause lib/setopt.c handle...

Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-117 (ALASDOCKER-2026-117)

The version of runfinch-finch installed on the remote host is prior to 1.17.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-117 advisory. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination ...

CVE-2026-44363

MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...

CVE-2026-44363

The CVE-2026-44363 issue affects MISP modules (misp-modules), specifically the html_to_markdown and qrcode modules. Root cause: unsafe remote resource fetching and insufficient URL validation, with qrcode also disabling TLS certificate verification. Impact: potential Server-Side Request Forgery (...

CVE-2026-44363 Unsafe remote resource fetching in expansion misp-modules

MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...

pyLoad 信任管理问题漏洞

pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev100 contained a trust management vulnerability. This vulnerability stemmed from the fact that the allowlist did not include the general.sslverify option in the setconfigvalue API method. As a resul...

GHSA-FHQ3-2GF3-8F3J misp-modules has nsafe remote resource fetching in expansion

An unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allow Server-Side Request Forgery against loopback, private, or link-local network resources. Additionally...

CVE-2026-40243 Incus OVN TLS verification accepts peer-supplied roots and permits endpoint impersonation

Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standard TLS server verification and replace it with...

Lemur: LDAP Authentication Globally Disables TLS Certificate Verification When LDAP_USE_TLS Is Enabled

Description Overview When LDAP TLS is enabled LDAPUSETLS = True, Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the LDAP server to intercept all...

PT-2026-38301

Name of the Vulnerable Software and Affected Versions Lemur versions prior to 1.9.0 Description When LDAP TLS is enabled via the LDAP USE TLS variable, the LDAP authentication module in the bind function unconditionally disables TLS certificate verification at the global ldap module level. This...

GHSA-VCGP-9326-PQCP net-imap vulnerable to STARTTLS stripping via invalid response timing

Summary A man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. Details When using Net::IMAPstarttls to upgrade a plaintext connection to use TLS, a man-in-the-middle attacker can inject a tagged OK response with an easily predictable tag. By sendi...

PT-2026-37183

Name of the Vulnerable Software and Affected Versions Net::IMAP versions prior to 0.3.10 Net::IMAP versions prior to 0.4.24 Net::IMAP versions prior to 0.5.14 Net::IMAP versions prior to 0.6.4 Description A man-in-the-middle attacker can cause the starttls function to return successfully without...

Astra Linux - уязвимость в perl

CPAN.pm before version 2.35 does not verify TLS certificates when downloading distributions via HTTPS...

Amazon Linux 2 : golist, --advisory ALAS2-2026-3260 (ALAS-2026-3260)

The version of golist installed on the remote host is prior to 0.10.1-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3260 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler...

Improper TLS Certificate Verification

github.com/traefik/traefik/v3 is vulnerable to improper TLS certificate verification. The vulnerability is due to incorrect handling of the proxy-ssl-verify annotation, which disables TLS verification when enabled, allowing an attacker to perform man-in-the-middle attacks on HTTPS backends...

EUVD-2026-13688

Improper certificate validation in the PAM propagation WinRM connections allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification...

CVE-2026-4434

Improper certificate validation in the PAM propagation WinRM connections allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification...