475 matches found
CVE-2026-24932
The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...
BIT-DISCOURSE-2025-68662 FinalDestination hostname matching allows SSRF protection bypass
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and...
CVE-2025-68662
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and...
CVE-2025-68662
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and...
EUVD-2025-206421
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and...
CVE-2025-68662 FinalDestination hostname matching allows SSRF protection bypass
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and...
CVE-2025-68662
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and...
Discourse code vulnerabilities
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. There were code vulnerabilities in versions of Discourse prior to 3.5.4, as well as versions prior to 2025.11.2, 2025.12.1, a...
PT-2026-5185
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.5.4 Discourse versions prior to 2025.11.2 Discourse versions prior to 2025.12.1 Discourse versions prior to 2026.1.0 Description Discourse is an open source discussion platform. A hostname validation issue in the...
CVE-2022-42979
Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for Android and iOS allows attackers to take over an account via a deep link...
CVE-2020-24393
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...
httpd security update
2.4.6-99.0.9.1 - Fix CVE-2025-58098 Orabug: 38816066 2.4.6-99.0.7.1 - Fixed security update CVE-2024-47252 CVE-2025-49812 Orabug: 38378160 2.4.6-99.0.5.1 - Differentiate trusted sources Orabug: 37100272CVE-2024-38476 2.4.6-99.0.3.1 - Opt-ins for unsafe prefixstat and %3f Orabug:...
Apache Log4j 安全漏洞
Apache Log4j is a Java-based open source logging tool from the Apache USA Foundation. A security vulnerability exists in Apache Log4j 2.25.2 and earlier versions, which stems from an unperformed TLS hostname validation and could lead to a man-in-the-middle attack...
Improper Certificate Validation
org.codehaus.mevenide, netbeans is vulnerable to improper certificate validation. The vulnerability is due to the autoupdate system failing to validate SSL certificates and hostnames for HTTPS-based downloads, which allows an attacker to intercept and modify autoupdate packages and potentially...
CVE-2025-65288
A buffer overflow in the Mercury MR816v2 081C3114 4.8.7 Build 110427 Rel 36550n occurs when the device accepts and stores excessively long hostnames from LAN hosts without proper length validation. The affected code performs unchecked copies/concatenations into fixed-size buffers. A crafted long...
CVE-2025-65288
A buffer overflow in the Mercury MR816v2 081C3114 4.8.7 Build 110427 Rel 36550n occurs when the device accepts and stores excessively long hostnames from LAN hosts without proper length validation. The affected code performs unchecked copies/concatenations into fixed-size buffers. A crafted long...
ROS-20251203-19
Vulnerability in the Ruby programming language library that implements the MQTT protocol Rubygem MQTT is related to the lack of hostname validation. Exploitation of the vulnerability could allow A remote attacker to perform a man-in-the-middle attack...
GHSA-9C5Q-W6GR-FXCQ MQTT does not validate hostnames
A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle MITM attack...
MQTT does not validate hostnames
A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle MITM attack...
CVE-2025-12790
A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle MITM attack...