Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1219)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle GoldenGate for Big Data MiTM Vulnerability 19.x < 19.1.0.0.22 (January 2026 CPU)

According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is affected by multiple vulnerabilities: - The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer...

CVE-2025-40801

A vulnerability has been identified in COMOS V10.6 All versions V10.6.1, COMOS V10.6 All versions V10.6.1, JT Bi-Directional Translator for STEP All versions, NX V2412 All versions V2412.8900 with Cloud Entitlement bundled as NX X, NX V2506 All versions V2506.6000 with Cloud Entitlement bundled a...

CVE-2025-11619

Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept traffic...

EUVD-2021-19498

Malware in sbrugna...

EUVD-2016-1327

Malware in sbrugna...

EUVD-2019-0226

Malware in sbrugna...

EUVD-2019-0336

Malware in sbrugna...

EUVD-2023-0498

Malicious code in bioql PyPI...

EUVD-2024-48469

Malicious code in bioql PyPI...

EUVD-2024-45801

Malicious code in bioql PyPI...

EUVD-2023-2858

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-44273

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - e2guardian v5.4.x = v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode i.e., acting as a proxy or a transparen...

Security Bulletin: OpenSSL 3.2 RPK Verification Bypass May Allow MITM Attacks in TLS/DTLS Connections, which affects IBM watsonx.data

Summary Clients using RFC7250 Raw Public Keys RPKs to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSLVERIFYPEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys may be...

OESA-2025-1552 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Erlang/OTP is a set of libraries for the Erlang...

CVE-2021-32700

Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 have a potential for a supply chain attack via MiTM against users. Http connections did not make use of TLS and certificate checking was ignored...

Erlang/OTP (Erlang OTP) MITM Vulnerability (May 2025) - Windows

Erlang/OTP Erlang OTP is prone to a man-in-the-middle MITM vulnerability in the SSH component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Erlang/OTP (Erlang OTP) MITM Vulnerability (May 2025) - Linux

Erlang/OTP Erlang OTP is prone to a man-in-the-middle MITM vulnerability in the SSH component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2025-46551

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1, when verifying SSL certificates,...

curl: [High] MITM via Insecure CA Path Handling in cURL (--capath, CURLOPT_CAPATH) (CWE-494: Download of Code Without Integrity Check)

Summary: The --capath option in cURL and CURLOPTCAPATH in libcurl accept any directory path without validation. If an attacker provides a custom CA path containing a fake root certificate, cURL will trust malicious HTTPS endpoints signed with that fake root. This allows for full Man-in-the-Middle...