3247 matches found
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to the handling of HTTPS redirects when a proxy is configured and setfollowlocation is enabled. An attacker can intercept sensitive information by presenting a forged, expired, or self-signed...
CVE-2026-32627
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and setfollowlocationtrue, any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...
CVE-2026-32627
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and setfollowlocationtrue, any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...
CVE-2026-31798
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via Custom SMS API, an attacker can intercept the request and...
CVE-2026-31798
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via Custom SMS API, an attacker can intercept the request and...
CVE-2026-31798 JumpServer Improper Certificate Validation in Custom SMS API Client
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via Custom SMS API, an attacker can intercept the request and...
EUVD-2026-12081
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via Custom SMS API, an attacker can intercept the request and...
CVE-2026-31798 JumpServer Improper Certificate Validation in Custom SMS API Client
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via Custom SMS API, an attacker can intercept the request and...
CVE-2026-31798 JumpServer Improper Certificate Validation in Custom SMS API Client
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via Custom SMS API, an attacker can intercept the request and...
EUVD-2026-11352
An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application...
CVE-2026-2368
An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code...
User Impersonation
Overview shopware/core is a Shopware platform is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to User Impersonation in the app registration process. An attacker can gain unauthorized access to sensitive API credentials by exploiting the ability to...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via an unbounded read of the HTTP response body during notarization. An attacker can exhaust system memory and cause a crash by supplying a maliciously large HTTP response body if the...
CVE-2026-2368
CVE-2026-2368 involves an improper certificate validation vulnerability in the Lenovo Filez application. The issue could allow an attacker capable of intercepting network traffic to achieve arbitrary code execution on affected systems. From the provided metrics, the vulnerability has a high impac...
CVE-2026-2368
An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code...
CVE-2026-2368
An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code...
CVE-2026-1068
CVE-2026-1068 concerns Lenovo Filez with an improper certificate validation flaw. The issue arises in the application’s handling of TLS certificates, allowing an attacker capable of intercepting network traffic (adjacent access) to potentially obtain sensitive user data. The vulnerability is clas...
CVE-2026-1068
An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application...
CVE-2026-1068
An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application...
CVE-2026-31960 DoS in Quill via unbounded read of HTTP response body during notarization
Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not...