1840 matches found
CVE-2026-44213 OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured
The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...
CVE-2026-44213
The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...
EUVD-2026-32014
The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...
Malicious Package
Overview codexui-android is a malicious package. offering a remote web UI for OpenAI Codex, secretly stealing Codex OAuth credentials. Malicious code exists only in published npm builds—not in the public GitHub repo—and runs at import time, reading /.codex/auth.json, XOR-encrypting it, and POSTin...
CVE-2026-48697
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tlsclient mode and calls setdefaultverifypaths to load CA certificates, but never calls...
DEBIAN-CVE-2026-48697
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tlsclient mode and calls setdefaultverifypaths to load CA certificates, but never calls...
CVE-2026-48697
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tlsclient mode and calls setdefaultverifypaths to load CA certificates, but never calls...
UBUNTU-CVE-2026-48697
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tlsclient mode and calls setdefaultverifypaths to load CA certificates, but never calls...
Malicious code in metricflow-tracker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9a1c269ce5e462d7e555ce1ca34b7f2e54e3d34ea094d35a67aa7c61d1fe34e The package's exported Metricflow React component defaults serverUrl to http://51.38.65.105:21531 and, when rendered, appends a tag to document.head ...
MAL-2026-4805 Malicious code in metricflow-tracker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9a1c269ce5e462d7e555ce1ca34b7f2e54e3d34ea094d35a67aa7c61d1fe34e The package's exported Metricflow React component defaults serverUrl to http://51.38.65.105:21531 and, when rendered, appends a tag to document.head ...
EUVD-2026-31900
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tlsclient mode and calls setdefaultverifypaths to load CA certificates, but never calls...
CVE-2026-48697
Summary: CVE-2026-48697 affects FastNetMon Community Edition up to 1.2.9. The root cause is in execute_web_request_secure() in src/fast_library.cpp, which creates a Boost.Asio TLS client context (tls_client) and calls set_default_verify_paths() but never enables verify_peer. As a result, OpenSSL ...
CVE-2026-48697
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tlsclient mode and calls setdefaultverifypaths to load CA certificates, but never calls...
CVE-2026-48697
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tlsclient mode and calls setdefaultverifypaths to load CA certificates, but never calls...
CVE-2026-48697
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tlsclient mode and calls setdefaultverifypaths to load CA certificates, but never calls...
CVE-2026-48697
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tlsclient mode and calls setdefaultverifypaths to load CA certificates, but never calls...
OpenTelemetry Collector Contrib 信任管理问题漏洞
OpenTelemetry Collector Contrib is an extensible telemetry data collection component library developed by OpenTelemetry - CNCF. Versions of OpenTelemetry Collector Contrib prior to 1.1.0 contained a trust management vulnerability. This vulnerability stemmed from the lack of validation of HTTPS/TL...
PT-2026-43312
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute web request secure function in src/fast library.cpp creates a boost::asio::ssl::context with tls client mode and calls set default verify paths to load CA certificates, but never...
TencentOS Server 3: firefox (TSSA-2026:0397)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0397 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Malicious code in auth0-common-telemetry (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f3c3552f34433514fdec16e709163cc2f8aeac595a66544d9924a94e46a01fd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...