3 matches found
CVE-2026-55436 Coder's AI Bridge Proxy skips TLS certificate verification in default configuration
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, the AI Bridge Proxy aibridgeproxyd created a goproxy server whose default transport set InsecureSkipVerify: true and only assigned a...
Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped
Summary When verifying artifact signatures using a certificate, Cosign first verifies the certificate chain using the leaf certificate's "not before" timestamp and later checks expiry of the leaf certificate using either a signed timestamp provided by the Rekor transparency log or from a timestam...
Improper Certificate Validation
wlc is vulnerable to improper certificate validation. The vulnerability is due to skipped SSL verification for specially crafted URLs, which allows an attacker to perform man-in-the-middle attacks and intercept or manipulate communications...