CVE-2026-10584
Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS. To remediate this issue, users should upgrade to Graph Explorer...
CVE-2025-59852
HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...
CVE-2026-39807 Client-supplied URI scheme trusted without transport verification in bandit
Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections. 'Elixir.Bandit.Pipeline':determinescheme/2 in lib/bandit/pipeline.ex returns the client-supplied URI scheme verbatim, ignoring the...
CVE-2025-15612
Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies o...
CVE-2025-15612 Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE
Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies o...
CVE-2025-58406
The CGM CLININET application responds without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls...
PT-2026-22579
Name of the Vulnerable Software and Affected Versions: CGM CLININET (affected versions not specified). Description: The CGM CLININET application is missing essential security HTTP headers, which can expose users to various client-side attacks. These attacks include clickjacking, MIME sniffing, unsafe...
GO-2026-4397 OpenList has Insecure TLS Default Configuration in github.com/OpenListTeam/OpenList
OpenList has Insecure TLS Default Configuration in github.com/OpenListTeam/OpenList...
PT-2026-6521
OpenList has Insecure TLS Default Configuration in github.com/OpenListTeam/OpenList...
CVE-2025-52631 HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability.
HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks. This issue affects AION: 2.0...
MiracleLinux 8 : perl-HTTP-Tiny-0.074-2.el8 (AXSA:2023-7126:02)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-7126:02 advisory. http-tiny: insecure TLS cert default (CVE-2023-31486). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
CVE-2024-32384
Kerlink KerOS gateways before version 5.10 expose the web interface only over HTTP, with no HTTPS support. This transport security gap enables a man‑in‑the‑middle attacker to intercept/modify traffic between clients and devices. Affected product: Kerlink gateways running KerOS pre‑5.10. Root caus...
TencentOS Server 4: perl-HTTP-Tiny (TSSA-2024:0938)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0938 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2025-11695
When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Securi...
EUVD-2018-6602
Malware in sbrugna...
EUVD-2024-54864
Malicious code in bioql PyPI...
PT-2025-39149
Name of the Vulnerable Software and Affected Versions: CleverControl versions prior to 11.5.1041.6. Description: The software does not validate TLS server certificates during installation. The installer uses curl.exe --insecure to download and execute external components, allowing a man-in-the-middl...
CVE-2025-34199 Vasion Print (formerly PrinterLogic) Insecure SSL Verification Allows Man-in-the-Middle Attacks
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049 and Application versions prior to 20.0.2786 VA and SaaS deployments contain insecure defaults and code patterns that disable TLS/SSL certificate verification for communications to printers and internal...
Linux Distros Unpatched Vulnerability : CVE-2020-15260
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN,...