291 matches found
PT-2025-23855 · Freshrss · Freshrss
Name of the Vulnerable Software and Affected Versions: FreshRSS versions prior to 1.26.2 Description: The issue allows an attacker to poison feed favicons by manipulating the feed URL and proxy settings, potentially replacing favicons for all users. This is possible because the favicon hash...
CVE-2024-13956
SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
CVE-2024-32928
The libcurl CURLOPTSSLVERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through...
CVE-2023-38699
MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with verify=False disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version...
CVE-2024-13956
SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
CVE-2024-13956
The CVE-2024-13956 entry affects ABB products: ASPECT-Enterprise, NEXUS Series, and MATRIX Series, all reported as vulnerable through version 3.*. The underlying issue is an SSL verification bypass that can occur if administrator credentials are compromised, enabling elevated risk to confidential...
CVE-2024-13956 SSL Verification Bypass
SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
CVE-2024-13956 SSL Verification Bypass
SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
CVE-2019-10334
Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files...
CVE-2019-10381
Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM...
CVE-2017-17716
GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verifycertificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlabomniauth-ldap gem...
CVE-2012-5809
The Groupon Redemptions application for Android does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
PT-2025-22543 · Unknown · Nexus Series +2
Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3. NEXUS Series versions through 3. MATRIX Series versions through 3. Description: SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue poses a...
Alibaba Cloud Linux 3 : 0261: Moderate: python27:2.7 (ALINUX3-SA-2024:0261)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0261 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-11236: In the urllib3 library...
CVE-2025-37730
Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle MitM attack in “client” mode, as hostname verification in TCP output was not being performed when the sslverificationmode = full was set...
Exploit for CVE-2025-29927
CVE-2025-29927 Next.js Middleware Bypass Scanner CVE-2025...
Exploit for CVE-2023-46988
ONLYOFFICE Path Traversal Exploit CVE-2023-46988 📌 Overv...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.10 LTS and 12.10.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
Azure Linux 3.0 Security Update: cloud-hypervisor-cvm / openssl (CVE-2024-12797)
The version of cloud-hypervisor-cvm / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12797 advisory. - Issue summary: Clients using RFC7250 Raw Public Keys RPKs to authenticate a server M...
GHSA-M3PM-RPGG-5WJ6 Home Assistant does not correctly validate SSL for outgoing requests in core and used libs
Summary Problem: Potential man-in-the-middle attacks due to missing SSL certificate verification in the project codebase and used third-party libraries. Details In the past, aiohttp-session/request had the parameter verifyssl to control SSL certificate verification. This was a boolean value. In...