
17 matches found

RedhatCVE
added 2026/05/11 8:27 p.m. | 5 views

CVE-2026-45182

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let systemserver transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...

CVSS 2.2 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-4181

Malware in sbrugna...

CVSS 5 | AI score 6.1 | EPSS 0.00957
Exploits: 0 | References: 18

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-4518

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.00157
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-34941

Malicious code in bioql PyPI...

CVSS 6.8 | AI score 6.7 | EPSS 0.00131
Exploits: 0 | References: 1

Tenable Nessus
added 2025/08/18 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-14002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to...

CVSS 5.9 | AI score 6.2 | EPSS 0.00571
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/30 6:54 a.m. | 10 views

CVE-2025-5025

libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...

AI score 6.8 | EPSS 0.0008
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 5:42 p.m. | 5 views

CVE-2020-5876

On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address...

CVSS 8.1 | AI score 6.8 | EPSS 0.00304
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 3:11 p.m. | 5 views

CVE-2020-12144

The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal...

CVSS 6 | AI score 6.9 | EPSS 0.00075
Exploits: 0 | References: 1

Cvelist
added 2025/01/09 6:58 a.m. | 16 views

CVE-2024-53705

A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall...

EPSS 0.00143
Exploits: 0 | References: 1

Positive Technologies
added 2025/01/01 12:0 a.m. | 1 views

PT-2025-54485

Name of the Vulnerable Software and Affected Versions: libcurl, affected versions not specified. Description: When utilizing the CURLOPT_PINNEDPUBLICKEY option in libcurl or the --pinnedpubkey option with the curl tool, the software should verify the server certificate's public key to confirm the...

CVSS 7.5 | AI score 6.5 | EPSS 0.00364
Exploits: 4 | References: 34

Veracode
added 2024/09/04 6:38 a.m. | 9 views

Improper Hostname Verification

io.kroxylicious, kroxylicious-runtime is vulnerable to Improper Hostname Verification. The vulnerability is due to Kroxylicious failing to properly verify the server's hostname during a TLS connection, which allows an attacker to intercept or manipulate communications...

CVSS 5.9 | AI score 6.5 | EPSS 0.00148
Exploits: 0 | References: 5 | Affected Software: 1

RedHat Linux
added 2023/01/25 12:31 p.m. | 3 views

python-scciclient: missing server certificate verification

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks...

CVSS 7.4 | AI score 5.7 | EPSS 0.00231
Exploits: 0 | References: 5

The Hacker News
added 2018/09/21 8:45 a.m. | 1 views

Flaw in 4GEE WiFi Modem Could Leave Your Computer Vulnerable

A high-severity vulnerability has been discovered in 4G-based wireless 4GEE Mini modem sold by mobile operator EE that could allow an attacker to run a malicious program on a targeted computer with the highest level of privileges in the system. The vulnerability—discovered by 20-year-old Osanda...

CVSS 9.3 | AI score 7.3 | EPSS 0.00792
Exploits: 5

OSV
added 2009/12/23 8:30 p.m. | 1 views

DEBIAN-CVE-2009-4144

NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service connectivit...

CVSS 6.8 | AI score 6.4 | EPSS 0.01278
Exploits: 0 | References: 1

RedHat Linux
added 2009/01/12 2:24 p.m. | 0 views

squirrelmail: session hijacking - secure flag not set for HTTPS-only cookies

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...

CVSS 5 | AI score 5.8 | EPSS 0.01255
Exploits: 2 | References: 4

RedHat Linux
added 2008/07/02 12:48 p.m. | 0 views

Firefox self signed certificate flaw

Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also...

CVSS 4 | AI score 5.9 | EPSS 0.01957
Exploits: 1 | References: 4

CERT
added 2001/02/18 12:0 a.m. | 16 views

MySQL client contains buffer overflow

Overview: MySQL is a popular open source database package. The MySQL client that ships with the MySQL package contains a buffer overflow. Description: The mysql program, part of the MySQL package, contains a buffer overflow in the host parameter. An intruder who invokes mysql using a specially...

AI score 8.3
Exploits: 0 | References: 3