CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

471 matches found

Cvelist•added 2026/03/27 6:16 p.m.•21 views

CVE-2025-15612 Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE

Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies o...

6.3CVSS0.00074EPSS

Exploits1References2

ATTACKERKB•added 2026/02/03 2:28 a.m.•3 views

CVE-2026-24935

A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle MitM attacker can intercept or redirect the NAT tunnel establishment. This could...

6.3CVSS5.5AI score0.00012EPSS

Exploits0References2Affected Software1

Tenable Nessus•added 2026/01/20 12:0 a.m.•3 views

MiracleLinux 7 : squid-3.5.20-17.el7.10 (AXSA:2024-7673:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7673:03 advisory. squid: denial of service in HTTP header parser CVE-2024-25617 squid: denial of service in HTTP request parsing CVE-2023-50269 squid: Buffer over-rea...

8.6CVSS5.8AI score0.09621EPSS

Exploits0References7

RedhatCVE•added 2026/01/09 12:41 p.m.•8 views

CVE-2023-25392

Allegro Tech BigFlow 1.6 is vulnerable to Missing SSL Certificate Validation...

5.9CVSS6.7AI score0.00148EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:52 a.m.•5 views

CVE-2009-4123

The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation...

7.5CVSS6.9AI score0.00255EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:24 a.m.•6 views

CVE-2021-31747

Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in updateapplet.php, which could lead to man-in-the-middle attacks...

5.8CVSS6.7AI score0.00102EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:51 a.m.•4 views

CVE-2022-42131

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3...

4.8CVSS6.8AI score0.0013EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:9 a.m.•7 views

CVE-2019-11554

The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service...

5.9CVSS6.8AI score0.00206EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:9 a.m.•6 views

CVE-2019-11688

An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation...

8.8CVSS7AI score0.00391EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:6 a.m.•5 views

CVE-2019-20455

Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations...

5.9CVSS6.9AI score0.00376EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:52 a.m.•3 views

CVE-2020-10659

Entrust Entelligence Security Provider ESP before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where for example a user continues to interact with a web site that has an invalid certificate chain...

4.3CVSS6.8AI score0.00124EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:49 a.m.•6 views

CVE-2020-24714

The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verifyhostname option...

9.8CVSS6.8AI score0.00222EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:12 a.m.•5 views

CVE-2022-0123

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some of external CI services which makes it possible to perform MitM attacks on connections to these external services...

6.8CVSS6.6AI score0.00083EPSS

Exploits0References1

RedhatCVE•added 2025/11/07 1:46 p.m.•2 views

CVE-2025-56231

Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate Validation, which allows attackers to bypass update protections...

9.1CVSS6.9AI score0.00042EPSS

Exploits1References1

CVE•added 2025/11/05 12:0 a.m.•5 views

CVE-2025-56231

Tonec Internet Download Manager (IDM) 6.42.41.1 and earlier is affected by a Missing SSL Certificate Validation vulnerability in the update mechanism, allowing a remote attacker to bypass update protections. Affected component is the update/SSL validation routine; root cause details are consisten...

9.1CVSS6.5AI score0.00042EPSS

Exploits1References2Affected Software1

EUVD•added 2025/11/05 12:0 a.m.•1 views

EUVD-2025-37933

Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate Validation, which allows attackers to bypass update protections...

9.1CVSS6.4AI score0.00042EPSS

Exploits1References3

CNNVD•added 2025/11/04 12:0 a.m.•1 views

Tencent Docs Desktop 安全漏洞

Tencent Docs Desktop is a multiplayer online collaborative document tool from Tencent China. A security vulnerability exists in Tencent Docs Desktop 3.9.20 and prior versions, which stems from a lack of SSL certificate validation in the update component...

7.5CVSS6.8AI score0.00044EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-2239

Malware in sbrugna...

5.9CVSS5.7AI score0.00376EPSS

Exploits1References9

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-0457

Malware in sbrugna...

6.5CVSS6.8AI score0.00124EPSS

Exploits0References22