Linux Distros Unpatched Vulnerability : CVE-2025-12893

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usa...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability previously existed in Mozilla Firefox version 134, which stemmed from a failure of ALPN to properly validate certificates when using Alt-Svc if the originating server redirecte...

nodejs: Improper handling of URI Subject Alternative Names

A flaw was found in node.js where it accepted a certificate's Subject Alternative Names SAN entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host...

Square OkHttp can accept the wrong certificate

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...