Malicious code in pretie_x1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6308c285cb943f91fc16f7872bce135b8347b827139f5ad0cf8706ba992f104 Package masquerades as the prettier formatter name pretiex1, description "Opinionated code formatter for modern JavaScript and TypeScript.", keywords...

CVE-2026-41714

Spring AMQP 2.4.x/3.1.x/3.2.x/4.0.x (versions 2.4.0–2.4.17, 3.1.0–3.1.15, 3.2.0–3.2.10, 4.0.0–4.0.3) are affected by CVE-2026-41714. The issue occurs when a broker connection is configured via RabbitConnectionFactoryBean.setUri("amqps://...") without calling setUseSSL(true). This leads to TLS enc...

CVE-2026-32992

SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials...

CVE-2026-45574

The CVE affects the epa4all-client Java library (for epa4all / ePA 3.0). Before version 1.2.2, a network-path attacker could present any TLS certificate (self-signed/expired/wrong CN) and intercept SOAP traffic, exposing KVNRs, SMC-B authentication/signing, document content, and credential exchan...

epa4all-client: TLS Certificate Validation Disabled in Production

Impact An attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient identifiers KVNR, SMC-B card operations authentication, signing, document content, and credential...

CVE-2026-44312

CVE-2026-44312 affects the Ruby CSS Parser gem. Prior to 2.1.0 and 1.22.0, the library does not validate HTTPS connections (OpenSSL::SSL::VERIFY_NONE), allowing a MITM attacker to inject/modify CSS content when loading stylesheets over HTTPS. The issue is fixed in 2.1.0 and 1.22.0. Remediation: u...

CVE-2025-15612 Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE

Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies o...

fog-kubevirt: fog-kubevirt: Man-in-the-Middle vulnerability due to disabled certificate validation

A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle MITM attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in...

CVE-2025-70045

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in jxcore jxm master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTPS request options when 'jxobj.IsSecure' is true...

CVE-2025-70029

An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options...

CVE-2025-70029

An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options...

CVE-2026-1530

A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle MITM attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in...

CVE-2026-1530

The CVE concerns fog-kubevirt, where disabled certificate validation enables a remote MITM, allowing interception and possible modification of communications between Satellite and OpenShift, leading to information disclosure and data integrity compromise. The provided documents do not specify aff...

CVE-2026-1530

A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle MITM attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in...

CVE-2026-1530 Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation

A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle MITM attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in...

CVE-2025-11695

When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5 Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Securi...

MongoDB Rust Driver has certificate validation disabled when `tlsInsecure=False` appears in connection string

When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5...

CVE-2025-11695

CVE-2025-11695 affects the MongoDB Rust Driver prior to v3.2.5. The root cause is that using tlsInsecure=False in a connection string disables certificate validation, enabling potential man-in-the-middle attacks over the network. The vulnerability is characterized with HIGH severity (CVSS metrics...

MongoDB Rust Driver 安全漏洞

MongoDB Rust Driver is a MongoDB open source client library that allows Rust programs to connect to MongoDB databases. A security vulnerability exists in MongoDB Rust Driver versions prior to v3.2.5 that stems from disabling certificate validation, which could lead to a man-in-the-middle attack...

Vasion Print Virtual Appliance Host和Vasion Print Application 信任管理问题漏洞

Vasion Print Virtual Appliance Host and Vasion Print Application are both products of Vasion Corporation of the U.S.A. Vasion Print Virtual Appliance Host is a print management software.Vasion Print Application is a printer management application. A trust management issue vulnerability exists in...