3 matches found
CVE-2025-67752
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper oeHttp/oeHttpRequest disables SSL/TLS certificate verification by default verify: false, making all external HTTPS connections vulnerable ...
LemonLDAP::NG 信任管理问题漏洞
LemonLDAP::NG is a web single sign-on and access management software. A security vulnerability exists in LemonLDAP::NG version 2.0.8, which stems from a default failure to check the validity of X.509 certificates when connecting to a remote LDAP backend, due to the use of the default configuratio...
AZL-45213 CVE-2021-31597 affecting package js-jquery 3.5.0-4
The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized when the property exists but is undefined is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected...