3671 matches found
CVE-2026-48248
Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false and not setting CURLOPT_SSL_VERIFYHOST when issuing outbound HTTPS requests during the login/authentication flow. An attacker positioned on the network path...
WordPress WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin <= 7.8.5.10 - One Click SSL & Force HTTPS <= 7.8.5.10 - Missing Authorization to Authenticated (Subscriber+) SSL Setup Tampering vulnerability
One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin <= 7.8.5.10 - One Click SSL & Force HTTPS <= 7.8.5.10 - Missing Authorization to Authenticated (Subscriber+) SSL Setup Tampering vulnerability discovered by Kitch - KitchGlobal in WordPress Plugin WP Encryption – One...
RHCOS 6 : jenkins (RHSA-2013:0700)
The remote Red Hat Enterprise Linux CoreOS 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2013:0700 advisory. - maven-wagon: all SSL certificate checking is disabled by default (CVE-2013-0253) Note that Nessus has not tested for this issue but has inste...
WordPress Auto-Install Free SSL – Generate & Install Free SSL Certificates plugin <= 4.5.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Free SSL Certificate Plugin, HTTPS Redirect, Renewal Reminder – Auto-Install Free SSL versions <= 4.5.0...
GHSA-PPVX-RWH9-7RJ7 pyload-ng: Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng
Summary: The ADMIN_ONLY_CORE_OPTIONS authorization set in set_config_value uses incorrect option names ssl_cert and ssl_key, while the actual configuration option names are ssl_certfile and ssl_keyfile. This name mismatch causes the admin-only check to always evaluate to False, allowing any user with...
CVE-2026-35586
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMIN_ONLY_CORE_OPTIONS authorization set in set_config_value uses incorrect option names ssl_cert and ssl_key, while the actual configuration option names are ssl_certfile and ssl_keyfile. This name mismatch...
PYSEC-2026-123
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMIN_ONLY_CORE_OPTIONS authorization set in set_config_value uses incorrect option names ssl_cert and ssl_key, while the actual configuration option names are ssl_certfile and ssl_keyfile. This name mismatch...
CVE-2026-35586
The vulnerability CVE-2026-35586 affects pyload-ng and stems from an incorrect admin-only configuration guard: the ADMIN_ONLY_CORE_OPTIONS set uses ssl_cert and ssl_key instead of the actual ssl_certfile and ssl_keyfile names, and ssl_certchain was not included. This lets any non-admin user with ...
CVE-2026-35586 Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMIN_ONLY_CORE_OPTIONS authorization set in set_config_value uses incorrect option names ssl_cert and ssl_key, while the actual configuration option names are ssl_certfile and ssl_keyfile. This name mismatch...
CVE-2025-15612 Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE
Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies o...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Ceph vulnerabilities (USN-8045-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8045-1 advisory. Martin Schobert discovered that Ceph did not properly verify SSL certificates when...
CVE-2026-24935
A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle (MitM) attacker can intercept or redirect the NAT tunnel establishment. This could...
PT-2026-5767
A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle (MitM) attacker can intercept or redirect the NAT tunnel establishment. This could...
Security Bulletin: Multiple Vulnerabilities affects IBM Data Studio Client 4.2.0
Summary Security Fix of multiple Vulnerabilities of IBM Data Studio Client 4.2.0 Vulnerability Details CVEID:CVE-2021-2163 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high...
MiracleLinux 7 : squid-3.5.20-17.el7.10 (AXSA:2024-7673:03)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7673:03 advisory. squid: denial of service in HTTP header parser (CVE-2024-25617); squid: denial of service in HTTP request parsing (CVE-2023-50269); squid: Buffer over-rea...
MiracleLinux 3 : w3m-0.5.1-17.AXS3 (AXSA:2010-392:01)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-392:01 advisory. The w3m program is a pager or text file viewer that can also be used as a text-mode Web browser. W3m features include the following: when reading an HTML...
CVE-2023-25392
Allegro Tech BigFlow 1.6 is vulnerable to Missing SSL Certificate Validation...
CVE-2009-4123
The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation...
CVE-2021-31747
Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in updateapplet.php, which could lead to man-in-the-middle attacks...
CVE-2016-10797
cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133)...