15 matches found

OSV
added 2026/04/30 11:22 a.m., 5 views

CLSA-2026-1777548161 Fix CVE(s): CVE-2023-31486

SECURITY UPDATE: HTTP::Tiny does not verify TLS certificates by default - debian/patches/CVE-2023-31486.patch: flip verify_SSL default from 0 to 1 in cpan/HTTP-Tiny/lib/HTTP/Tiny.pm; add PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT escape-hatch env var; update POD SSL SUPPORT - TLS/SSL SUPPORT,...

8.1 CVSS, 7.3 AI score, 0.01742 EPSS
Exploits 0, References 1

OSV
added 2026/04/27 6:33 p.m., 9 views

JLSEC-2026-236 Applications that use a non-default option when verifying certificates may be vulnerable to an...

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5.3 CVSS, 6.3 AI score, 0.01583 EPSS
Exploits 0, References 12

OSV
added 2026/04/01 9:11 p.m., 4 views

GHSA-8H88-GXP3-J7PG openssl-encrypt's unverified key bundle from_dict() + to_identity() path allows encryption to attacker keys

Summary: The PublicKeyBundle.from_dict method in opensslencrypt/modules/keybundle.py at lines 329-361 creates bundles from untrusted data without verifying the signature. The docstring warns to call verifysignature after creation, but the to_identity method (lines 363-391) can convert an unverified...

8.7 CVSS, 5.9 AI score
Exploits 0, References 3

RedhatCVE
added 2026/02/28 7:47 a.m., 13 views

CVE-2026-2428

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.1.17. This is due to the PayPal IPN (Instant Payment Notification) verification being disabled by default (disable_ipn_verification defaults to...

7.5 CVSS, 5.9 AI score, 0.00139 EPSS
Exploits 0, References 1

CVE
added 2026/02/27 3:23 a.m., 14 views

CVE-2026-2428

The CVE concerns the Fluent Forms Pro Add On Pack for WordPress, vulnerable in all versions up to 6.1.17 due to disabled PayPal IPN verification (disable_ipn_verification defaults to 'yes' in PayPalSettings.php). This enables unauthenticated attackers to send forged PayPal IPN notifications to th...

7.5 CVSS, 5.4 AI score, 0.00139 EPSS
Exploits 0, References 2

Positive Technologies
added 2026/02/27 12:0 a.m., 8 views

PT-2026-22290

Name of the Vulnerable Software and Affected Versions: Fluent Forms Pro Add On Pack for WordPress versions through 6.1.17. Description: The software contains a flaw related to insufficient verification of data authenticity. Specifically, PayPal IPN (Instant Payment Notification) verification is disabl...

7.5 CVSS, 5.9 AI score, 0.00139 EPSS
Exploits 0, References 8

RedHat Linux
added 2023/12/07 1:55 p.m., 3 views

openssl: Invalid certificate policies in leaf certificates are silently ignored

A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that a...

5.3 CVSS, 6.5 AI score, 0.01583 EPSS
Exploits 0, References 5

RedHat Linux
added 2023/12/07 12:21 p.m., 4 views

openssl: Invalid certificate policies in leaf certificates are silently ignored

A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that a...

5.3 CVSS, 6.5 AI score, 0.01583 EPSS
Exploits 0, References 5

OSV
added 2023/03/28 3:15 p.m., 2 views

ALPINE-CVE-2023-0465

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5.3 CVSS, 7 AI score, 0.01583 EPSS
Exploits 0, References 1

OSV
added 2023/03/28 3:15 p.m., 6 views

AZL-25937 CVE-2023-0465 affecting package openssl for versions less than 1.1.1k-23

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5.3 CVSS, 6.6 AI score, 0.01583 EPSS
Exploits 0, References 1

OSV
added 2023/03/28 3:15 p.m., 5 views

AZL-27241 CVE-2023-0465 affecting package kata-containers-cc for versions less than 0.4.1-2

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5.3 CVSS, 6.6 AI score, 0.01583 EPSS
Exploits 0, References 1

OSV
added 2023/03/28 3:15 p.m., 7 views

AZL-34663 CVE-2023-0465 affecting package edk2 for versions less than 20230301gitf80f052277c8-37

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5.3 CVSS, 6.6 AI score, 0.01583 EPSS
Exploits 0, References 1

OSV
added 2023/03/28 3:15 p.m., 4 views

UBUNTU-CVE-2023-0465

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5.3 CVSS, 6.6 AI score, 0.01583 EPSS
Exploits 0, References 5

OSV
added 2020/07/31 6:15 p.m., 5 views

UBUNTU-CVE-2020-15134

In Faye before version 1.4.0, there is a lack of certificate validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL i...

8.7 CVSS, 7.2 AI score, 0.00864 EPSS
Exploits 1, References 5

CNVD
added 2018/01/17 12:0 a.m., 2 views

Multiple Vulnerabilities in Ease of Use Electric Vehicle App

Ease of use electric car APP is an electric car service software. There is an arbitrary user registration and arbitrary user password reset vulnerability in the E-Hang Electric Vehicle APP. An attacker can register any account and reset any password by obtaining the verification code by default...

7.4 AI score
Exploits 0