12 matches found
CVE-2025-11695
When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5 Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Securi...
GHSA-3P6W-GV5G-XJW9 MongoDB Rust Driver has certificate validation disabled when `tlsInsecure=False` appears in connection string
When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5...
MongoDB Rust Driver has certificate validation disabled when `tlsInsecure=False` appears in connection string
When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5...
CVE-2025-11695 Configuration may unexpectedly disable certificate validation
When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5...
PT-2025-41792
Name of the Vulnerable Software and Affected Versions MongoDB Rust Driver versions prior to 3.2.5 Description The MongoDB Rust Driver is affected by an issue where setting tlsInsecure=False in a connection string disables certificate validation. Normally, this parameter should enforce strict TLS...
MongoDB Rust Driver 安全漏洞
MongoDB Rust Driver is a MongoDB open source client library that allows Rust programs to connect to MongoDB databases. A security vulnerability exists in MongoDB Rust Driver versions prior to v3.2.5 that stems from disabling certificate validation, which could lead to a man-in-the-middle attack...
PT-2025-33894
Name of the Vulnerable Software and Affected Versions: Redirection for Contact Form 7 plugin for WordPress versions up to and including 3.2.4 Description: The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input in the ge...
PT-2024-25686 · Kurwov · Kurwov
Name of the Vulnerable Software and Affected Versions: kurwov versions prior to 3.2.5 Description: The issue arises from an unsafe sanitization of dataset contents on the MarkovDatagetNext method used in Markovgenerate and Markovchoose. This allows a maliciously crafted string on the dataset to...
DEBIAN-CVE-2019-16392
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages...
SPIP Input Validation Error Vulnerability
SPIP is a Web-based content publishing system. The system is primarily used for online collaboration. An input validation error vulnerability exists in SPIP versions prior to 3.1.11 and 3.2.2 prior to 3.2.5, which arises from a web-based system or product that does not properly validate incoming...
PT-2019-4105 · Spip +1 · Spip +1
Name of the Vulnerable Software and Affected Versions: SPIP versions prior to 3.1.11 SPIP versions 3.2 prior to 3.2.5 Description: The issue is related to the lack of protection of the web page structure in the SPIP content management system. This can be exploited by a remote attacker to compromi...
Revive Adserver Elevation of Privilege Vulnerability
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A security vulnerability exists in Revive Adserver versions prior to 3.2.5 and 4.0.0, which stems from the...