Lucene search
K

475 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/03 2:19 a.m.7 views

CVE-2026-24932

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...

8.9CVSS5.5AI score0.00206EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/02 8:42 a.m.4 views

BIT-DISCOURSE-2025-68662 FinalDestination hostname matching allows SSRF protection bypass

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and...

9.9CVSS5.4AI score0.003EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/29 9:21 p.m.5 views

CVE-2025-68662

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and...

9.9CVSS5.9AI score0.003EPSS
Exploits0References1
NVD
NVD
added 2026/01/28 8:16 p.m.14 views

CVE-2025-68662

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and...

9.9CVSS0.003EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/28 7:12 p.m.7 views

EUVD-2025-206421

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and...

7.6CVSS5.9AI score0.003EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 7:12 p.m.5 views

CVE-2025-68662 FinalDestination hostname matching allows SSRF protection bypass

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and...

7.6CVSS5.9AI score0.003EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/28 7:12 p.m.6 views

CVE-2025-68662

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and...

7.6CVSS5.9AI score0.003EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.7 views

Discourse code vulnerabilities

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. There were code vulnerabilities in versions of Discourse prior to 3.5.4, as well as versions prior to 2025.11.2, 2025.12.1, a...

9.9CVSS5.9AI score0.003EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.9 views

PT-2026-5185

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.5.4 Discourse versions prior to 2025.11.2 Discourse versions prior to 2025.12.1 Discourse versions prior to 2026.1.0 Description Discourse is an open source discussion platform. A hostname validation issue in the...

9.9CVSS5.9AI score0.003EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/09 10:52 a.m.9 views

CVE-2022-42979

Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for Android and iOS allows attackers to take over an account via a deep link...

8.8CVSS6.5AI score0.24328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:49 a.m.9 views

CVE-2020-24393

TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...

5.9CVSS6.6AI score0.00862EPSS
Exploits1References1
Oracle linux
Oracle linux
added 2026/01/09 12:0 a.m.17 views

httpd security update

2.4.6-99.0.9.1 - Fix CVE-2025-58098 Orabug: 38816066 2.4.6-99.0.7.1 - Fixed security update CVE-2024-47252 CVE-2025-49812 Orabug: 38378160 2.4.6-99.0.5.1 - Differentiate trusted sources Orabug: 37100272CVE-2024-38476 2.4.6-99.0.3.1 - Opt-ins for unsafe prefixstat and %3f Orabug:...

8.3CVSS7.2AI score0.99957EPSS
Exploits7
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.5 views

Apache Log4j 安全漏洞

Apache Log4j is a Java-based open source logging tool from the Apache USA Foundation. A security vulnerability exists in Apache Log4j 2.25.2 and earlier versions, which stems from an unperformed TLS hostname validation and could lead to a man-in-the-middle attack...

6.3CVSS6.2AI score0.00743EPSS
Exploits1References10
Veracode
Veracode
added 2025/12/13 4:30 a.m.9 views

Improper Certificate Validation

org.codehaus.mevenide, netbeans is vulnerable to improper certificate validation. The vulnerability is due to the autoupdate system failing to validate SSL certificates and hostnames for HTTPS-based downloads, which allows an attacker to intercept and modify autoupdate packages and potentially...

9.1CVSS8.4AI score0.02007EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/12/09 5:15 p.m.5 views

CVE-2025-65288

A buffer overflow in the Mercury MR816v2 081C3114 4.8.7 Build 110427 Rel 36550n occurs when the device accepts and stores excessively long hostnames from LAN hosts without proper length validation. The affected code performs unchecked copies/concatenations into fixed-size buffers. A crafted long...

6.5CVSS6.3AI score0.00367EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/09 12:0 a.m.4 views

CVE-2025-65288

A buffer overflow in the Mercury MR816v2 081C3114 4.8.7 Build 110427 Rel 36550n occurs when the device accepts and stores excessively long hostnames from LAN hosts without proper length validation. The affected code performs unchecked copies/concatenations into fixed-size buffers. A crafted long...

8.1AI score0.00367EPSS
Exploits1References1
Redos
Redos
added 2025/12/03 12:0 a.m.9 views

ROS-20251203-19

Vulnerability in the Ruby programming language library that implements the MQTT protocol Rubygem MQTT is related to the lack of hostname validation. Exploitation of the vulnerability could allow A remote attacker to perform a man-in-the-middle attack...

7.4CVSS6.6AI score0.00343EPSS
Exploits0
OSV
OSV
added 2025/11/06 9:31 p.m.7 views

GHSA-9C5Q-W6GR-FXCQ MQTT does not validate hostnames

A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle MITM attack...

7.4CVSS6.6AI score0.00343EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/11/06 9:31 p.m.7 views

MQTT does not validate hostnames

A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle MITM attack...

7.4CVSS6.6AI score0.00343EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/11/06 9:15 p.m.9 views

CVE-2025-12790

A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle MITM attack...

7.4CVSS0.00343EPSS
Exploits0References3
Rows per page
Query Builder