21 matches found
EUVD-2015-4026
Malware in sbrugna...
EUVD-2025-22137
Malicious code in bioql PyPI...
CVE-2025-36106
IBM Cognos Analytics Mobile iOS 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by using the deprecated or misconfigured AFNetworking library ...
CVE-2025-36106
IBM Cognos Analytics Mobile iOS 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by using the deprecated or misconfigured AFNetworking library ...
CVE-2025-36106 IBM Cognos Analytics Mobile (iOS) information disclosure
IBM Cognos Analytics Mobile iOS 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by using the deprecated or misconfigured AFNetworking library ...
CVE-2025-36106 IBM Cognos Analytics Mobile (iOS) information disclosure
IBM Cognos Analytics Mobile iOS 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by using the deprecated or misconfigured AFNetworking library ...
CVE-2025-36106
CVE-2025-36106 affects IBM Cognos Analytics Mobile (iOS) 1.1.0–1.1.22. The root cause is use of a deprecated/misconfigured AFNetworking library at runtime, enabling an attacker to view and modify information transmitted by the app and potentially access confidential data on the device or network....
PT-2025-30324 · IBM +1 · IBM Cognos Analytics Mobile +1
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics Mobile iOS versions 1.1.0 through 1.1.22 Description: The application uses a deprecated or misconfigured AFNetworking library at runtime, potentially allowing malicious actors to view and modify information transmitted to...
Arbitrary Code Injection
AFNetworking is vulnerable to arbitrary code injection. It uses a hard-coded multipart form data boundary, potentially allowing an attacker to inject and execute malicious code...
Spoofing SSL Servers Via An Arbitrary Valid Certificate.
AFNetworking has a flaw which allows attackers to spoof SSL servers. The vulnerability exists because the default value for AFSecurityPolicy.validatesDomainName is not set to Yes. Therefore, it does not perform verification of a server hostname against the domain name in the subject's Common Name...
CVE-2015-3996
The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNetworking framework before 2.5.3, as used in the ownCloud iOS Library, disables verification of a server hostname against the domain name in the subject's Common Name (CN) of the X.509 certificate, whi...
Default configuration
The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNetworking framework before 2.5.3, as used in the ownCloud iOS Library, disables verification of a server hostname against the domain name in the subject's Common Name (CN) of the X.509 certificate, whi...
CVE-2015-3996
The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNetworking framework before 2.5.3, as used in the ownCloud iOS Library, disables verification of a server hostname against the domain name in the subject's Common Name (CN) of the X.509 certificate, whi...
CVE-2015-3996
CVE-2015-3996 affects the AFNetworking framework before 2.5.3 (as used by the ownCloud iOS Library). The default AFSSLPinningModeNone disables hostname verification against the certificate’s CN, allowing a MITM attacker to spoof SSL servers with an arbitrary valid certificate. Affected components...
Improper validation of certificates within the iOS application - ownCloud
The ownCloud iOS Library was vulnerable against a remotely exploitable certification problem until version 1.1.2. The vulnerable library version is used by the official ownCloud iOS client until version 3.4.4. Specifically it has been discovered that the used networking library AFNetworking is pe...
Mobile App: Improper validation of certificates within the iOS application
The ownCloud iOS Library was vulnerable against a remotely exploitable certification problem until version 1.1.2. The vulnerable library version is used by the official ownCloud iOS client until version 3.4.4. Specifically it has been discovered that the used networking library AFNetworking is pe...
Second Crypto Bug in Networking Library Could Affect 25,000 Apps
A few weeks after the developers of the AFNetworking library that’s popular among iOS and OS X app developers patched a serious bug in the library that enabled man-in-the-middle attacks, another, similar flaw has surfaced. The new vulnerability is related to how the AFNetworking library handles...
Popular iOS network communications library AFNetworking exposed SSL vulnerability, the impact of China UnionPay, Bank of China, Bank of Communications, 2.5 million iOS applications - vulnerability warning - the black bar safety net
A severe vulnerability in the popular open source iOS network communications library AFNetworking exposes the HTTPS traffic of 25,000 iOS apps in the Apple App Store to man-in-the-middle (MITM) attacks. AFNetworking is a famous open source network library, to be able to developers in iOS and...
Critical SSL Vulnerability Leaves 25,000 iOS Apps Vulnerable to Hackers
A critical vulnerability residing in AFNetworking could allow an attacker to cripple the HTTPS protection of 25,000 iOS apps available in Apple's App Store via man-in-the-middle (MITM) attacks. AFNetworking is a popular open-source code library that lets developers drop networking capabilities into...
DUO-PSA-2015-002: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2015-002 Original Publication Date: 2015-04-06 Revision Date: 2015-04-13 Status: Confirmed, Fixed Document Revision: 2 Overview Duo Security has identified an issue in recent versions of Duo Mobile for iOS that could allow attackers to perform a...