Lucene search
K

291 matches found

Positive Technologies
Positive Technologies
added 2025/06/04 12:0 a.m.8 views

PT-2025-23855 · Freshrss · Freshrss

Name of the Vulnerable Software and Affected Versions: FreshRSS versions prior to 1.26.2 Description: The issue allows an attacker to poison feed favicons by manipulating the feed URL and proxy settings, potentially replacing favicons for all users. This is possible because the favicon hash...

4.3CVSS6.3AI score0.00159EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/24 7:11 p.m.12 views

CVE-2024-13956

SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

8.8CVSS7.2AI score0.00363EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:27 a.m.8 views

CVE-2024-32928

The libcurl CURLOPTSSLVERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through...

5.9CVSS6.7AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:8 a.m.11 views

CVE-2023-38699

MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with verify=False disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version...

9.1CVSS6.7AI score0.0024EPSS
Exploits0
NVD
NVD
added 2025/05/22 7:15 p.m.9 views

CVE-2024-13956

SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

8.8CVSS0.00363EPSS
Exploits0References1
CVE
CVE
added 2025/05/22 6:33 p.m.43 views

CVE-2024-13956

The CVE-2024-13956 entry affects ABB products: ASPECT-Enterprise, NEXUS Series, and MATRIX Series, all reported as vulnerable through version 3.*. The underlying issue is an SSL verification bypass that can occur if administrator credentials are compromised, enabling elevated risk to confidential...

8.8CVSS6.7AI score0.00363EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/22 6:33 p.m.8 views

CVE-2024-13956 SSL Verification Bypass

SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

8.8CVSS0.00363EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/22 6:33 p.m.8 views

CVE-2024-13956 SSL Verification Bypass

SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

8.8CVSS6.8AI score0.00363EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:26 a.m.14 views

CVE-2019-10334

Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files...

6.5CVSS6.8AI score0.01303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:22 a.m.9 views

CVE-2019-10381

Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM...

7.5CVSS6.8AI score0.01117EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:24 a.m.8 views

CVE-2017-17716

GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verifycertificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlabomniauth-ldap gem...

5.9CVSS6.7AI score0.00927EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:40 a.m.4 views

CVE-2012-5809

The Groupon Redemptions application for Android does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8CVSS6.9AI score0.00566EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/22 12:0 a.m.5 views

PT-2025-22543 · Unknown · Nexus Series +2

Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3. NEXUS Series versions through 3. MATRIX Series versions through 3. Description: SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue poses a...

8.8CVSS6.6AI score0.00363EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.20 views

Alibaba Cloud Linux 3 : 0261: Moderate: python27:2.7 (ALINUX3-SA-2024:0261)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0261 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-11236: In the urllib3 library...

9.8CVSS9.1AI score0.35963EPSS
Exploits20References26
NVD
NVD
added 2025/05/06 6:15 p.m.17 views

CVE-2025-37730

Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle MitM attack in “client” mode, as hostname verification in TCP output was not being performed when the sslverificationmode = full was set...

6.5CVSS0.00145EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/04/06 8:59 p.m.262 views

Exploit for CVE-2025-29927

CVE-2025-29927 Next.js Middleware Bypass Scanner CVE-2025...

9.1CVSS9.6AI score0.99301EPSS
Exploits58
GithubExploit
GithubExploit
added 2025/03/29 10:19 p.m.655 views

Exploit for CVE-2023-46988

ONLYOFFICE Path Traversal Exploit CVE-2023-46988 📌 Overv...

6.7CVSS6.5AI score0.00498EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 6:0 p.m.19 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.10 LTS and 12.10.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

8.7CVSS7.5AI score0.02439EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/02/25 12:0 a.m.16 views

Azure Linux 3.0 Security Update: cloud-hypervisor-cvm / openssl (CVE-2024-12797)

The version of cloud-hypervisor-cvm / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12797 advisory. - Issue summary: Clients using RFC7250 Raw Public Keys RPKs to authenticate a server M...

6.3CVSS7AI score0.02439EPSS
Exploits0References2
OSV
OSV
added 2025/02/18 7:25 p.m.3 views

GHSA-M3PM-RPGG-5WJ6 Home Assistant does not correctly validate SSL for outgoing requests in core and used libs

Summary Problem: Potential man-in-the-middle attacks due to missing SSL certificate verification in the project codebase and used third-party libraries. Details In the past, aiohttp-session/request had the parameter verifyssl to control SSL certificate verification. This was a boolean value. In...

7CVSS6AI score0.00229EPSS
Exploits0References4
Rows per page
Query Builder