Lucene search
K

15 matches found

NVD
NVD
added 2026/06/26 2:16 a.m.9 views

CVE-2026-48934

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

4.3CVSS0.00258EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

MISP modules 信任管理问题漏洞

MISP modules are scalable threat intelligence platform modules developed under the open-source MISP Project. They support import, export, expansion, and automated workflows. Prior to version 3.0.7, there were vulnerabilities related to trust management in MISP modules. These vulnerabilities stemm...

5.8CVSS5.9AI score0.00102EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/07 8:16 p.m.9 views

CVE-2026-42225

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport siptransporttls can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via...

8.2CVSS5.7AI score0.00161EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/04 10:7 p.m.9 views

Incorrect Authorization

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Incorrect Authorization in the setconfigvalue process. An attacker can disable outbound TLS peer verification by setting the sslverify configuration to 'off...

7.6CVSS5.7AI score0.00174EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/03/31 12:0 a.m.5 views

Fedora 42 : cpp-httplib (2026-04a531cece)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-04a531cece advisory. Update to 0.37.2 - Fixes silent TLS certificate verification bypass on HTTPS Redirect via proxy CVE-2026-32627, rhbz2448105 Source:...

8.7CVSS6AI score0.00179EPSS
Exploits1References2
CVE
CVE
added 2026/03/13 8:48 p.m.33 views

CVE-2026-32627

cpp-httplib before 0.37.2 is vulnerable when using a proxy and set_follow_location(true): HTTPS redirects can bypass TLS certificate and hostname verification on the redirected connection, allowing a network attacker to intercept credentials or tokens. The issue is fixed in 0.37.2.

8.7CVSS5.6AI score0.00179EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/10/30 9:38 a.m.11 views

CVE-2025-54470 NeuVector telemetry sender is vulnerable to MITM and DoS

This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when...

8.6CVSS0.00179EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:41 a.m.3 views

SUSE CVE-2013-1431

The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows remote attackers to bypass TLS verification and perform a man-in-the-middle attacks...

6.8CVSS6.9AI score0.02027EPSS
Exploits0References3
OSV
OSV
added 2020/07/07 8:52 a.m.23 views

ALSA-2020:2852 Important: nodejs:12 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 12.18.2. Security Fixes: nghttp2: overly large SETTINGS frames can lead to DoS...

9.3CVSS7.8AI score0.07646EPSS
Exploits4References5
RedHat Linux
RedHat Linux
added 2019/12/11 8:32 a.m.58 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.2 openshift-enterprise-builder-container security update

An update for openshift-enterprise-builder-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

5.7CVSS6.2AI score0.00409EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2014/11/03 8:36 a.m.5 views

python-keystoneclient: TLS certificate verification disabled

It was found that python-keystoneclient treated all settings in paste.ini files as string types. If the "insecure" option were set to any value in a paste.ini configuration file, it would be evaluated as true, resulting in TLS connections being vulnerable to man-in-the-middle attacks...

4.3CVSS5.7AI score0.01948EPSS
Exploits0References4
securityvulns
securityvulns
added 2013/06/17 12:0 a.m.36 views

[SECURITY] [DSA 2702-1] telepathy-gabble security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2702-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso June 03, 2013 http://www.debian.org/security/faq -...

6.8CVSS1.4AI score0.02027EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/06/06 12:0 a.m.18 views

FreeBSD : telepathy-gabble -- TLS verification bypass (a3c2dee5-cdb9-11e2-b9ce-080027019be0)

"Simon McVittie reports : This release fixes a man-in-the-middle attack. If you use an unencrypted connection to a 'legacy Jabber' pre-XMPP server, this version of Gabble will not connect until you make one of these configuration changes : . upgrade the server software to something that supports...

6.8CVSS5.4AI score0.02027EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2013/06/03 12:0 a.m.23 views

Debian Security Advisory DSA 2702-1 (telepathy-gabble - TLS verification bypass)

Maksim Otstavnov discovered that the Wocky submodule used by telepathy-gabble, the Jabber/XMPP connection manager for the Telepathy framework, does not respect the tls-required flag on legacy Jabber servers. A network intermediary could use this vulnerability to bypass TLS verification and perfor...

6.8CVSS6.1AI score0.02027EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2013/05/27 12:0 a.m.24 views

telepathy-gabble -- TLS verification bypass

Simon McVittie reports: This release fixes a man-in-the-middle attack. If you use an unencrypted connection to a "legacy Jabber" pre-XMPP server, this version of Gabble will not connect until you make one of these configuration changes: . upgrade the server software to something that supports XMP...

6.8CVSS6.2AI score0.02027EPSS
Exploits0References1
Rows per page
Query Builder