Lucene search
K

11 matches found

CVE
CVE
added 2026/06/09 11:48 p.m.22 views

CVE-2026-41714

Spring AMQP 2.4.x/3.1.x/3.2.x/4.0.x (versions 2.4.0–2.4.17, 3.1.0–3.1.15, 3.2.0–3.2.10, 4.0.0–4.0.3) are affected by CVE-2026-41714. The issue occurs when a broker connection is configured via RabbitConnectionFactoryBean.setUri("amqps://...") without calling setUseSSL(true). This leads to TLS enc...

4CVSS5.5AI score0.00132EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.71 views

📄 SumatraPDF 3.5.2 Remote Code Execution

SumatraPDF versions 3.5.0 to 3.5.2 disable TLS hostname verification during update checks using INTERNETFLAGIGNORECERTCNINVALID and do not perform any signature or integrity validation on the downloaded installer. Exploit Title: SumatraPDF 3.5.2 - Remote Code Execution Date: 2026-02-10 Exploit...

7.5CVSS5.8AI score0.00445EPSS
Exploits4
Cvelist
Cvelist
added 2026/02/12 3:1 p.m.32 views

CVE-2026-26214 Xiaomi Galaxy FDS Android SDK <= 3.0.8 TLS Hostname Verification Disabled Enables MITM

Galaxy FDS Android SDK XiaoMi/galaxy-fds-sdk-android version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled the default configuration. In GalaxyFDSClientImpl.createHttpClient, the SDK configures Apache HttpClient with SSLSocketFactory.ALLOWALLHOSTNAMEVERIFIER, which accep...

9.1CVSS0.00184EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.8 views

galaxy-fds-sdk-android 安全漏洞

Galaxy-FDS-SDK-Android is an open-source developer toolkit developed by Xiaomi for storing file data on Xiaomi devices. Versions of Galaxy-FDS-SDK-Android 3.0.8 and earlier contain security vulnerabilities. These vulnerabilities stem from the disabling of TLS hostname verification when HTTPS is...

9.1CVSS5.8AI score0.00184EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.11 views

PT-2026-7854

Galaxy FDS Android SDK XiaoMi/galaxy-fds-sdk-android version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled the default configuration. In GalaxyFDSClientImpl.createHttpClient, the SDK configures Apache HttpClient with SSLSocketFactory.ALLOW ALL HOSTNAME VERIFIER, which...

9.1CVSS5.5AI score0.00184EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:58 a.m.5 views

CVE-2025-68637

The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle MITM attacks. This...

9.1CVSS6.9AI score0.0022EPSS
Exploits0References1
CVE
CVE
added 2026/01/07 9:39 a.m.45 views

CVE-2025-68637

The Uniffle HTTP client is configured to trust all SSL certificates and disable hostname verification by default, exposing REST API communications between the Uniffle CLI/client and the Uniffle Coordinator to potential MITM attacks. Affected: all versions prior to 0.10.0. Mitigation: upgrade to v...

9.1CVSS6.5AI score0.0022EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.6 views

PT-2026-1641

Name of the Vulnerable Software and Affected Versions Uniffle versions prior to 0.10.0 Description The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle...

9.1CVSS6.7AI score0.0022EPSS
Exploits0References10
GithubExploit
GithubExploit
added 2025/09/10 2:28 a.m.146 views

Exploit for CVE-2025-46408

CVE-2025-46408 Improper Hostname Verification in EagleEyes...

8.8CVSS6.7AI score0.00611EPSS
Exploits4
SUSE CVE
SUSE CVE
added 2023/02/15 5:29 a.m.3 views

SUSE CVE-2014-2576

plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPTSSLVERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle MITM attacks...

6.8CVSS6.5AI score0.01997EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/04/30 12:0 a.m.6 views

PT-2019-11716 · Jenkins · Jenkins Koji Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Koji Plugin affected versions not specified Description: The issue concerns the Jenkins Koji Plugin, which disables SSL/TLS and hostname verification globally for the Jenkins master JVM. This means the plugin unconditionally disables...

5.9CVSS5.5AI score0.01489EPSS
Exploits0References7
Rows per page
Query Builder