11 matches found
CVE-2026-41714
Spring AMQP 2.4.x/3.1.x/3.2.x/4.0.x (versions 2.4.0–2.4.17, 3.1.0–3.1.15, 3.2.0–3.2.10, 4.0.0–4.0.3) are affected by CVE-2026-41714. The issue occurs when a broker connection is configured via RabbitConnectionFactoryBean.setUri("amqps://...") without calling setUseSSL(true). This leads to TLS enc...
📄 SumatraPDF 3.5.2 Remote Code Execution
SumatraPDF versions 3.5.0 to 3.5.2 disable TLS hostname verification during update checks using INTERNETFLAGIGNORECERTCNINVALID and do not perform any signature or integrity validation on the downloaded installer. Exploit Title: SumatraPDF 3.5.2 - Remote Code Execution Date: 2026-02-10 Exploit...
CVE-2026-26214 Xiaomi Galaxy FDS Android SDK <= 3.0.8 TLS Hostname Verification Disabled Enables MITM
Galaxy FDS Android SDK XiaoMi/galaxy-fds-sdk-android version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled the default configuration. In GalaxyFDSClientImpl.createHttpClient, the SDK configures Apache HttpClient with SSLSocketFactory.ALLOWALLHOSTNAMEVERIFIER, which accep...
galaxy-fds-sdk-android 安全漏洞
Galaxy-FDS-SDK-Android is an open-source developer toolkit developed by Xiaomi for storing file data on Xiaomi devices. Versions of Galaxy-FDS-SDK-Android 3.0.8 and earlier contain security vulnerabilities. These vulnerabilities stem from the disabling of TLS hostname verification when HTTPS is...
PT-2026-7854
Galaxy FDS Android SDK XiaoMi/galaxy-fds-sdk-android version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled the default configuration. In GalaxyFDSClientImpl.createHttpClient, the SDK configures Apache HttpClient with SSLSocketFactory.ALLOW ALL HOSTNAME VERIFIER, which...
CVE-2025-68637
The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle MITM attacks. This...
CVE-2025-68637
The Uniffle HTTP client is configured to trust all SSL certificates and disable hostname verification by default, exposing REST API communications between the Uniffle CLI/client and the Uniffle Coordinator to potential MITM attacks. Affected: all versions prior to 0.10.0. Mitigation: upgrade to v...
PT-2026-1641
Name of the Vulnerable Software and Affected Versions Uniffle versions prior to 0.10.0 Description The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle...
Exploit for CVE-2025-46408
CVE-2025-46408 Improper Hostname Verification in EagleEyes...
SUSE CVE-2014-2576
plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPTSSLVERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle MITM attacks...
PT-2019-11716 · Jenkins · Jenkins Koji Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Koji Plugin affected versions not specified Description: The issue concerns the Jenkins Koji Plugin, which disables SSL/TLS and hostname verification globally for the Jenkins master JVM. This means the plugin unconditionally disables...