2 matches found
CVE-2026-40557
Summary: CVE-2026-40557 affects Apache Storm Prometheus Reporter (versions 2.6.3–2.8.6). The issue stems from PrometheusPreparableReporter implementing an INSECURE_TRUST_MANAGER and, when storm.daemon.metrics.reporter.plugin.prometheus.skip_tls_validation is enabled, triggering SSLContext.setDefa...
CVE-2025-15079 libssh global known_hosts override
When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...