Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/02/04 3:15 a.m.6 views

CVE-2026-24933

The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to intercept the cleartext communication,...

8.9CVSS5.5AI score0.00204EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 3:15 a.m.5 views

CVE-2026-24932

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...

5.9CVSS5.9AI score0.00206EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 2:26 a.m.4 views

CVE-2026-24934 An improper certificate validation vulnerability was found in ADM while querying an external server for the device's WAN IP address.

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...

6.3CVSS5.6AI score0.00156EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/03 2:26 a.m.7 views

EUVD-2026-5285

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...

6.3CVSS5.6AI score0.00156EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 2:19 a.m.32 views

CVE-2026-24932 An improper certificate validation vulnerability was found in ADM while updating the DDNS settings.

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...

8.9CVSS0.00206EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/06/08 12:0 a.m.1 views

Joomla core 3.0.0-3.10.15-elts,4.0.0-4.4.5,5.0.0-5.1.1 - Unauthenticated XSS in StringHelper::truncate method vulnerability

Unauthenticated XSS in StringHelper::truncate method vulnerability discovered by ? in WordPress Core Joomla versions 3.0.0-3.10.15-elts,4.0.0-4.4.5,5.0.0-5.1.1...

6.1CVSS6.4AI score0.00442EPSS
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/06/03 12:0 a.m.23 views

[20240702] - Core - Self-XSS in fancyselect list field layout

The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector...

5.4CVSS5.8AI score0.00424EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/26 12:0 a.m.3 views

PT-2023-15710 · Google · Widevine Trusted Application

Name of the Vulnerable Software and Affected Versions: Widevine Trusted Application TA versions 5.0.0 through 5.1.1 Description: The issue is related to an integer overflow and resultant buffer overflow in the drm save keys feature, specifically with the feature name len. Recommendations: For...

9.8CVSS9.5AI score0.00928EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/05/30 12:0 a.m.6 views

Widevine 输入验证错误漏洞

Widevine is a proprietary digital rights management DRM system from Widevine, Inc. An input validation error vulnerability exists in Widevine Trusted Application versions 5.0.0 through 5.1.1, which stems from the presence of an integer overflow issue that results in a buffer overflow...

9.8CVSS8.9AI score0.00928EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/06/19 9:22 p.m.18 views

CVE-2017-14395

Auth 2.0 Authorization Server of ForgeRock Access Management OpenAM 13.5.0-13.5.1 and Access Management AM 5.0.0-5.1.1 does not correctly validate redirecturi for some invalid requests, which allows attackers to execute a script in the user's browser via reflected XSS...

6.4AI score0.00793EPSS
Exploits0References1
Rows per page
Query Builder