CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1342 matches found

SUSE CVE•added 2025/12/20 12:27 a.m.•10 views

SUSE CVE-2025-68161

The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostName configuration attribut...

5.4CVSS6.8AI score0.00743EPSS

Exploits1References5

CVE•added 2025/12/12 2:30 a.m.•8 views

CVE-2025-13052

CVE-2025-13052 describes improper TLS/SSL certificate validation in ADM notifications when sending emails via msmtp, enabling potential MITM disclosure of SMTP data. Affected: ADM 4.1.0–4.3.3.RKD2 and 5.0.0–5.1.0.RN42. Root cause: TLS/SSL validation weakness between SMTP client and server. Impact...

7CVSS6.4AI score0.00157EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2025/12/12 12:0 a.m.•3 views

PT-2025-50802

Name of the Vulnerable Software and Affected Versions ADM versions 4.1.0 through 4.3.3.RKD2 ADM versions 5.0.0 through 5.1.0.RN42 Description An improperly validated TLS/SSL certificate when sending emails to an SMTP server via msmtp allows an attacker intercepting network traffic to execute a...

7CVSS6.7AI score0.00157EPSS

Exploits0References5

RedhatCVE•added 2025/11/27 1:54 p.m.•2 views

CVE-2025-63432

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle MITM attack ...

4.6CVSS7.1AI score0.00144EPSS

Exploits1References1

Cvelist•added 2025/11/24 12:0 a.m.•7 views

CVE-2025-63432

0.00144EPSS

Exploits1References2

OSV•added 2025/11/05 7:16 p.m.•4 views

CVE-2025-56232

GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle MitM attack to intercept update requests and replace installer or update packages with malicious files...

6.8CVSS5.8AI score0.00112EPSS

Exploits1References2

NVD•added 2025/11/05 7:16 p.m.•6 views

CVE-2025-56232

6.8CVSS0.00112EPSS

Exploits1References2

Snyk•added 2025/10/15 5:39 p.m.•3 views

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...

8.2CVSS6.6AI score0.00681EPSS

Exploits0References2

Snyk•added 2025/10/15 7:46 a.m.•3 views

Improper Verification of Cryptographic Signature

Overview org.apache.spark:spark-network-common2.12 is an open-source distributed general-purpose cluster-computing framework. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature when the spark.network.crypto.enabled is true and the cipher is not...

9CVSS6.9AI score0.00225EPSS

Exploits0References2

OSV•added 2025/10/10 3:4 p.m.•4 views

JLSEC-2025-27 curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MI...

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived...

4.3CVSS6.9AI score0.03141EPSS

Exploits1References9