CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

161 matches found

Positive Technologies•added 2026/05/21 12:0 a.m.•7 views

PT-2026-42527

Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobile login.inc.php by setting CURLOPT SSL VERIFYPEER to false and not setting CURLOPT SSL VERIFYHOST when issuing outbound HTTPS requests for outbound HTTPS requests issued during the mobile RouteMate login flow. A...

8.2CVSS5.9AI score0.00173EPSS

Exploits0References4

CNNVD•added 2026/05/21 12:0 a.m.•5 views

tickets 信任管理问题漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the disabling of TLS certificate verification in the ajax/reports.php file...

8.2CVSS5.8AI score0.00169EPSS

Exploits0References1

ATTACKERKB•added 2026/05/13 7:16 p.m.•5 views

CVE-2026-44363

MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...

5.8CVSS6AI score0.00102EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/04/01 8:9 a.m.•28 views

CVE-2026-4370 Improper TLS Client/Server authentication and certificate verification on Database Cluster

A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client...

10CVSS0.00381EPSS

Exploits1References1

NVD•added 2026/01/12 4:16 p.m.•5 views

CVE-2025-71063

Errands before 46.2.10 does not verify TLS certificates for CalDAV servers...

8.2CVSS0.00135EPSS

Exploits0References5

RedhatCVE•added 2026/01/09 12:33 p.m.•7 views

CVE-2023-31136

PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and...

5.9CVSS6.6AI score0.0049EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:35 a.m.•4 views

CVE-2024-41255

filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go...

7.5CVSS7.1AI score0.00241EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:49 a.m.•11 views

CVE-2022-27820

OWASP Zed Attack Proxy ZAP through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...

4.3CVSS6.9AI score0.00654EPSS

Exploits0References1