94 matches found
CVE-2026-7830 UltraVNC MS-Logon II uses 64-bit Diffie-Hellman and seeded libc rand() enabling credential interception
UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...
CVE-2026-7830 UltraVNC MS-Logon II uses 64-bit Diffie-Hellman and seeded libc rand() enabling credential interception
UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...
CVE-2026-7830
CVE-2026-7830 affects UltraVNC up to version 1.8.2.2 and concerns the MS-Logon II authentication. The DH key exchange uses parameters within 64-bit space (DH_MAX_BITS) and the private exponent is generated using a rng() that relies on three libc rand() calls seeded from time(NULL). This yields an...
CVE-2026-4522
Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Credentials Interception. This issue affects HYPR Passwordless: before 11.1.1...
GHSA-R7G4-QG5F-QQM2 Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception
Summary Nodemailer disables TLS certificate verification in its internal HTTPS fetch client through the use of rejectUnauthorized: false inside lib/fetch/index.js. As a result, OAuth2 token requests trust invalid or self-signed HTTPS certificates and transmit sensitive OAuth credentials over...
Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception
Summary Nodemailer disables TLS certificate verification in its internal HTTPS fetch client through the use of rejectUnauthorized: false inside lib/fetch/index.js. As a result, OAuth2 token requests trust invalid or self-signed HTTPS certificates and transmit sensitive OAuth credentials over...
EUVD-2026-36725
Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that...
CVE-2026-6517
Mattermost Desktop App (versions
CVE-2026-6517 Mattermost Desktop App fails to restrict the allow list of domains which NTLM credentials are passed
Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that...
TLS hostname verification disabled when using Boring TLS backend
An inverted-boolean bug in lettre's boring-tls integration silently disables TLS hostname verification for callers using the default strict configuration. An on-path attacker presenting any chain-valid certificate for any domain can intercept SMTP submission, including PLAIN/LOGIN credentials and...
CVE-2026-44305
Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled LDAPUSETLS = True, Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the...
CVE-2026-44305
Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled LDAPUSETLS = True, Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the...
CVE-2026-44305
CVE-2026-44305 affects Lemur when LDAP_USE_TLS is True. The LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level, causing any MITM between Lemur and the LDAP server to intercept credentials and potentially modify responses. This vulnerab...
CVE-2026-44305 Lemur: LDAP TLS certificate verification globally disabled enables credential interception
Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled LDAPUSETLS = True, Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the...
CVE-2026-44305 Lemur: LDAP TLS certificate verification globally disabled enables credential interception
Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled LDAPUSETLS = True, Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the...
Apache Airflow 信任管理问题漏洞
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. However, Apache Airflow has a trust management...
CVE-2026-40431
A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same...
CVE-2026-35560
Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. Thi...
Amazon Athena ODBC driver 安全漏洞
The Amazon Athena ODBC driver is a database connection driver developed by the American company Amazon. Versions of the Amazon Athena ODBC driver prior to 2.1.0.0 contained a security vulnerability. This vulnerability stemmed from improper certificate verification in the identity provider...
OpenClaw OS Command Injection Vulnerability (CNVD-2026-15059)
OpenClaw is an automation tool for executing system commands. An authentication bypass vulnerability exists in versions prior to OpenClaw 2026.2.21 that stems from the system failing to enforce secure authentication when the allowInsecureAuth setting is explicitly enabled and the gateway is expos...