Export limit exceeded: 363763 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (2487 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-55759 1 Rocketchat 1 Rocket.chat 2026-06-25 7.4 High
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, Rocket.Chat's Apple Sign-In handler verifies JWT signatures but skips claims validation. Any Apple-signed JWT with a non-empty iss is accepted regardless of aud, exp, nbf, or nonce. An attacker who obtains a target user's Apple identity token (from server logs, an intercepted sign-in flow, or another application sharing the same Apple developer team) can replay it to authenticate as that user, with no expiration on the replay window. This vulnerability is fixed in 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13.
CVE-2025-32989 2 Gnu, Redhat 11 Gnutls, Ceph Storage, Discovery and 8 more 2026-06-25 5.3 Medium
A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.
CVE-2025-6032 1 Redhat 4 Enterprise Linux, Openshift, Rhel Eus and 1 more 2026-06-25 8.3 High
A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.
CVE-2026-47341 1 Apache 1 Apisix 2026-06-24 N/A
Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from certain configurations in hmac-auth to re-use a token forever, bypassing expiry. This issue affects Apache APISIX: from 3.11.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the issue.
CVE-2026-54100 1 Redhat 4 Openshift, Openshift Container Platform, Openshift For Windows Containers and 1 more 2026-06-24 8.3 High
A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture WICD and kubelet bootstrap credentials transferred during node configuration, enabling compromise of Windows node identities in the cluster.
CVE-2026-57289 1 Jenkins Project 1 Jenkins Bitbucket Push And Pull Request Plugin 2026-06-24 4.8 Medium
Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept network traffic to capture the token.
CVE-2026-42012 2 Gnu, Redhat 9 Gnutls, Discovery, Enterprise Linux and 6 more 2026-06-24 7.1 High
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.
CVE-2026-42011 1 Redhat 8 Discovery, Enterprise Linux, Enterprise Linux Eus and 5 more 2026-06-24 7.4 High
A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.
CVE-2026-54323 1 Daytonaio 1 Daytona 2026-06-24 5.9 Medium
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization header to the remote over a connection whose certificate was never validated, on both the go-git and native git CLI code paths. An attacker able to intercept clone traffic could present any TLS certificate, capture the Git credentials supplied for the clone, and serve tampered repository content into the sandbox. This vulnerability is fixed in 0.185.0.
CVE-2026-54308 1 N8n 1 N8n 2026-06-24 N/A
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As a result, an unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to execute with attacker-controlled data. This vulnerability is fixed in 2.25.7 and 2.26.2.
CVE-2026-47381 1 Nocodb 1 Nocodb 2026-06-24 N/A
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another workspace's integration through the testConnection endpoint by supplying its ID, because the integration was fetched in a bypass scope and the caller's permission check matched any base in any workspace. This vulnerability is fixed in 2026.05.1.
CVE-2026-52845 1 Caddyserver 1 Caddy 2026-06-24 8.1 High
Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forward_auth copy_headers deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through php_fastcgi, Caddy normalizes HTTP headers into CGI variables by replacing - with _. This lets a client send an underscore alias that survives the forward_auth delete step but becomes the same PHP/FastCGI variable. Result: a remote client can inject or sometimes override identity/group headers trusted by PHP/FastCGI applications behind Caddy. This vulnerability is fixed in 2.11.4.
CVE-2026-34021 1 Wertheim 1 Safecontroller 5400 Hardware For Vault Rooms (safe Deposit Locker System - Microcontroller) 2026-06-23 N/A
The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication path between the server and the microcontroller can sniff RS-485 messages and replay previously observed messages. This can be used, for example, to spoof a "quit alarm" message and continuously deactivate the safe alarm.
CVE-2026-34025 1 Wertheim 1 Safecontroller Software For Vault Rooms (safe Deposit Locker System) 2026-06-23 N/A
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP X-Forwarded-For header when that header is present. An attacker with valid branch user credentials can manipulate the X-Forwarded-For header during login to spoof the expected branch IP address and obtain a valid authenticated session from an unauthorized network location.
CVE-2026-42662 2 Liquid Web / Stellarwp, Wordpress 2 Event Tickets, Wordpress 2026-06-23 6.5 Medium
Unauthenticated Bypass Vulnerability in Event Tickets <= 5.27.5 versions.
CVE-2026-41000 1 Spring 1 Spring Web Services 2026-06-23 3.7 Low
Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be ineffective even when operators configured a replay cache on the interceptor. Affected versions: Spring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.
CVE-2026-45170 2 Cyberark, Cyberark Software A Palo Alto Networks Company 2 Pam Sh Connector, Vendor Pam 2026-06-23 N/A
Idira Vendor PAM - Self-Hosted Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17
CVE-2026-56357 1 N8n 1 N8n 2026-06-23 4 Medium
n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signature verification. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary data, spoofing GitHub webhook events.
CVE-2023-33854 1 Ibm 2 Db2 On Cloud Pak For Data, Db2 Warehouse On Cloud Pak For Data 2026-06-23 5.3 Medium
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques.
CVE-2026-9697 2 Redhat, Undici 2 Hummingbird, Undici 2026-06-23 7.4 High
Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servername settings. Applications that pin to an internal or corporate CA via requestTls.ca will, when their proxy URI is SOCKS5, get the default Mozilla CA bundle as the trust anchor instead. Any cert signed by any publicly-trusted CA for the target hostname is accepted, breaking the intended pin and enabling MITM read and tamper of the HTTPS exchange. Affected applications are those that use undici's ProxyAgent (or Socks5ProxyAgent directly) with SOCKS5 AND rely on requestTls for TLS scope restriction. The bug was introduced in undici 7.23.0 when SOCKS5 support was added. Patches: Upgrade to undici v7.28.0 or v8.5.0. Workarounds: No workaround is available within the SOCKS5 path. If a SOCKS5 proxy with TLS scope restriction is required and an upgrade is not yet possible, route the traffic through an HTTP-proxy ProxyAgent instead, where requestTls is honored correctly.