Lucene search

8 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2011-5136

Malware in sbrugna...

CVSS 5.8 | AI score 6.4 | EPSS 0.00185
Exploits: 0 | References: 2

OSV
added 2022/05/14 2:10 a.m. | 27 views

GHSA-QGFG-GVFF-523V python-glanceclient vulnerable to SSL server spoofing due to unverified X.509 certificate

The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows...

CVSS 8.7 | AI score 6 | EPSS 0.00285
Exploits: 0 | References: 11

Prion
added 2016/05/20 2:59 p.m. | 17 views

Code injection

The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid...

CVSS 2.6 | AI score 7.1 | EPSS 0.01068
Exploits: 0 | References: 10 | Affected Software: 1

Debian CVE
added 2016/05/20 12:0 a.m. | 26 views

CVE-2016-3739

The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid...

CVSS 5.3 | AI score 5.7 | EPSS 0.01068
Exploits: 0

RedhatCVE
added 2016/05/18 8:48 a.m. | 24 views

CVE-2016-3739

The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid...

CVSS 5.3 | AI score 5.3 | EPSS 0.01068
Exploits: 0 | References: 2

Prion
added 2014/02/27 1:55 a.m. | 21 views

Code injection

curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a...

CVSS 4.3 | AI score 6.5 | EPSS 0.03073
Exploits: 2 | References: 11 | Affected Software: 1

Prion
added 2012/11/04 10:55 p.m. | 23 views

Code injection

The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to...

CVSS 5.8 | AI score 6.8 | EPSS 0.00134
Exploits: 2 | References: 1

Cvelist
added 2012/11/04 10:0 p.m. | 18 views

CVE-2012-5818

ElephantDrive does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

AI score 6.5 | EPSS 0.00134
Exploits: 1 | References: 2