18 matches found
EUVD-2025-19095
Malicious code in bioql PyPI...
EUVD-2025-19096
Malicious code in bioql PyPI...
CVE-2025-41255
Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates e.g., self-signed, unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17....
CVE-2025-41256
Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates e.g., self-signed, since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak. This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5...
CVE-2025-41256
Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates e.g., self-signed, since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak. This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5...
CVE-2025-41256
Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates e.g., self-signed, since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak. This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5...
CVE-2025-41255
Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates e.g., self-signed, unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17....
CVE-2025-41255
Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates e.g., self-signed, unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17....
CVE-2025-41255 Cyberduck and Mountain Duck - Improper Certificate Store Handling
Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates e.g., self-signed, unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17....
CVE-2025-41255 Cyberduck and Mountain Duck - Improper Certificate Store Handling
Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates e.g., self-signed, unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17....
CVE-2025-41255
The CVE-2025-41255 issue affects Cyberduck and Mountain Duck through TLS certificate pinning handling. According to multiple sources, the vulnerable behavior is the unnecessary installation of untrusted certificates (e.g., self-signed) into the Windows Certificate Store of the current user, drive...
CVE-2025-41256 Cyberduck and Mountain Duck - Weak Hash Algorithm for Certificate Fingerprint
Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates e.g., self-signed, since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak. This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5...
CVE-2025-41256 Cyberduck and Mountain Duck - Weak Hash Algorithm for Certificate Fingerprint
Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates e.g., self-signed, since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak. This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5...
CVE-2025-41256
CVE-2025-41256 affects Cyberduck (through 9.1.6) and Mountain Duck (through 4.17.5) due to improper TLS certificate pinning for untrusted certificates, with fingerprint storage using SHA-1. This creates a high-severity risk (CVSSv3: 7.4, High) for network-based situations where self-signed or unt...
iterate Cyberduck和iterate Mountain Duck 安全漏洞
iterate Cyberduck and iterate Mountain Duck are both open source file transfer clients from iterate. A security vulnerability exists in iterate Cyberduck 9.1.6 and earlier and iterate Mountain Duck 4.17.5 and earlier, which stems from improper handling of TLS certificate fixing and could lead to...
PT-2025-26818 · Unknown +1 · Mountain Duck +1
Name of the Vulnerable Software and Affected Versions: Cyberduck versions through 9.1.6 Mountain Duck versions through 4.17.5 Description: The issue is related to improper handling of TLS certificate pinning for untrusted certificates, such as self-signed certificates, in Cyberduck and Mountain...
PT-2025-26819 · Unknown +1 · Mountain Duck +1
Name of the Vulnerable Software and Affected Versions: Cyberduck versions prior to 9.1.7 Mountain Duck versions prior to 4.17.6 Description: The issue concerns improper handling of TLS certificate pinning for untrusted certificates, such as self-signed ones. This results in the unnecessary...
iterate Cyberduck和iterate Mountain Duck 安全漏洞
iterate Cyberduck and iterate Mountain Duck are both open source file transfer clients from iterate. A security vulnerability exists in iterate Cyberduck 9.1.6 and earlier and iterate Mountain Duck 4.17.5 and earlier, which stems from the use of SHA-1 to store certificate fingerprints, which coul...