27 matches found
Uncovering Qilin attack methods exposed through multiple cases
In the second half of 2025, the ransomware group Qilin has continued to publish victim information on its leak site at a pace of more than 40 cases per month, making it one of the most impactful ransomware groups worldwide. The manufacturing sector has been the most affected, followed by...
EUVD-2014-2870
Malware in sbrugna...
EUVD-2025-19095
Malicious code in bioql PyPI...
EUVD-2025-19096
Malicious code in bioql PyPI...
CVE-2025-41255
Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates e.g., self-signed, unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17....
CVE-2025-41256
Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates e.g., self-signed, since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak. This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5...
CVE-2025-41256
Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates e.g., self-signed, since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak. This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5...
CVE-2025-41256
Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates e.g., self-signed, since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak. This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5...
CVE-2025-41255
Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates e.g., self-signed, unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17....
CVE-2025-41255
Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates e.g., self-signed, unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17....
CVE-2025-41255 Cyberduck and Mountain Duck - Improper Certificate Store Handling
Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates e.g., self-signed, unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17....
CVE-2025-41255
The CVE-2025-41255 issue affects Cyberduck and Mountain Duck through TLS certificate pinning handling. According to multiple sources, the vulnerable behavior is the unnecessary installation of untrusted certificates (e.g., self-signed) into the Windows Certificate Store of the current user, drive...
CVE-2025-41255 Cyberduck and Mountain Duck - Improper Certificate Store Handling
Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates e.g., self-signed, unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17....
CVE-2025-41256 Cyberduck and Mountain Duck - Weak Hash Algorithm for Certificate Fingerprint
Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates e.g., self-signed, since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak. This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5...
CVE-2025-41256
CVE-2025-41256 affects Cyberduck (through 9.1.6) and Mountain Duck (through 4.17.5) due to improper TLS certificate pinning for untrusted certificates, with fingerprint storage using SHA-1. This creates a high-severity risk (CVSSv3: 7.4, High) for network-based situations where self-signed or unt...
CVE-2025-41256 Cyberduck and Mountain Duck - Weak Hash Algorithm for Certificate Fingerprint
Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates e.g., self-signed, since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak. This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5...
iterate Cyberduck和iterate Mountain Duck 安全漏洞
iterate Cyberduck and iterate Mountain Duck are both open source file transfer clients from iterate. A security vulnerability exists in iterate Cyberduck 9.1.6 and earlier and iterate Mountain Duck 4.17.5 and earlier, which stems from improper handling of TLS certificate fixing and could lead to...
iterate Cyberduck和iterate Mountain Duck 安全漏洞
iterate Cyberduck and iterate Mountain Duck are both open source file transfer clients from iterate. A security vulnerability exists in iterate Cyberduck 9.1.6 and earlier and iterate Mountain Duck 4.17.5 and earlier, which stems from the use of SHA-1 to store certificate fingerprints, which coul...
PT-2025-26818 · Unknown +1 · Mountain Duck +1
Name of the Vulnerable Software and Affected Versions: Cyberduck versions through 9.1.6 Mountain Duck versions through 4.17.5 Description: The issue is related to improper handling of TLS certificate pinning for untrusted certificates, such as self-signed certificates, in Cyberduck and Mountain...
PT-2025-26819 · Unknown +1 · Mountain Duck +1
Name of the Vulnerable Software and Affected Versions: Cyberduck versions prior to 9.1.7 Mountain Duck versions prior to 4.17.6 Description: The issue concerns improper handling of TLS certificate pinning for untrusted certificates, such as self-signed ones. This results in the unnecessary...