Lucene search
K

56 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/23 6:6 p.m.5 views

CVE-2026-54323

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization...

5.9CVSS6.4AI score0.00117EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/23 6:6 p.m.41 views

CVE-2026-54323 Daytona: Git credential leak via git clone with TLS verification disabled

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization...

5.9CVSS0.00117EPSS
Exploits0References1
OSV
OSV
added 2026/06/15 5:34 p.m.25 views

GHSA-R7G4-QG5F-QQM2 Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception

Summary Nodemailer disables TLS certificate verification in its internal HTTPS fetch client through the use of rejectUnauthorized: false inside lib/fetch/index.js. As a result, OAuth2 token requests trust invalid or self-signed HTTPS certificates and transmit sensitive OAuth credentials over...

6.5CVSS5.7AI score
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the disabling of standard TLS certificate verification in the high-risk TrustAllCerts routine. Combined with the hardcoded DES...

9.4CVSS5.3AI score0.00141EPSS
Exploits0References1
NVD
NVD
added 2026/05/21 6:16 p.m.15 views

CVE-2026-48249

Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobilelogin.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests issued during the mobile RouteMate login flow. An attacker positioned on the...

8.2CVSS0.00173EPSS
Exploits0References3
NVD
NVD
added 2026/05/21 6:16 p.m.22 views

CVE-2026-48247

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests for general-purpose outbound HTTPS requests issued by the shared helper functions. An...

8.2CVSS0.00173EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/21 5:11 p.m.10 views

EUVD-2026-31329

Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobilelogin.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests for outbound HTTPS requests issued during the mobile RouteMate login flow. An...

8.2CVSS5.9AI score0.00173EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/21 5:11 p.m.42 views

CVE-2026-48249 Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in rm/incs/mobile_login.inc.php

Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobilelogin.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests issued during the mobile RouteMate login flow. An attacker positioned on the...

8.2CVSS0.00173EPSS
Exploits0References3
CVE
CVE
added 2026/05/21 5:11 p.m.19 views

CVE-2026-48249

Open ISES Tickets

8.2CVSS5.9AI score0.00173EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/21 5:11 p.m.40 views

CVE-2026-48248 Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/login.inc.php

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests issued during the login/authentication flow. An attacker positioned on the network path...

8.2CVSS0.00205EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/21 5:11 p.m.11 views

EUVD-2026-31330

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests for outbound HTTPS requests issued during the login/authentication flow. An attacker...

8.2CVSS5.9AI score0.00205EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/21 5:11 p.m.7 views

CVE-2026-48248 Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/login.inc.php

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests issued during the login/authentication flow. An attacker positioned on the network path...

8.2CVSS5.9AI score0.00205EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/21 5:11 p.m.42 views

CVE-2026-48247 Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/functions.inc.php

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests for general-purpose outbound HTTPS requests issued by the shared helper functions. An...

8.2CVSS0.00173EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/21 5:11 p.m.9 views

CVE-2026-48247

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests for general-purpose outbound HTTPS requests issued by the shared helper functions. An...

8.2CVSS5.9AI score0.00173EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/21 5:11 p.m.7 views

CVE-2026-48246

Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests for Google Maps Directions API lookups during incident report generation. An attacker...

8.2CVSS5.9AI score0.00169EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/21 5:11 p.m.10 views

CVE-2026-48246 Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in ajax/reports.php

Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests for Google Maps Directions API lookups during incident report generation. An attacker...

8.2CVSS5.9AI score0.00169EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/21 5:11 p.m.43 views

CVE-2026-48246 Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in ajax/reports.php

Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests for Google Maps Directions API lookups during incident report generation. An attacker...

8.2CVSS0.00169EPSS
Exploits0References3
CVE
CVE
added 2026/05/21 5:11 p.m.22 views

CVE-2026-48246

CVE-2026-48246 affects Open ISES Tickets prior to version 3.44.2. The issue is that TLS certificate verification is disabled for outbound HTTPS requests in ajax/reports.php by setting CURLOPT_SSL_VERIFYPEER to false and not configuring CURLOPT_SSL_VERIFYHOST during Google Maps Directions API look...

8.2CVSS5.9AI score0.00169EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42526

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT SSL VERIFYPEER to false and not setting CURLOPT SSL VERIFYHOST when issuing outbound HTTPS requests for outbound HTTPS requests issued during the login/authentication flow. An attacker...

8.2CVSS5.9AI score0.00205EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/14 12:31 a.m.14 views

EUVD-2026-30180

SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials...

8.2CVSS5.8AI score0.00252EPSS
Exploits0References2
Rows per page
Query Builder