EUVD-2024-0269

Malicious code in bioql PyPI...

EUVD-2022-6912

Malicious code in bioql PyPI...

EUVD-2025-12102

Malicious code in bioql PyPI...

EUVD-2022-30996

Malicious code in bioql PyPI...

EUVD-2022-4023

Malicious code in bioql PyPI...

EUVD-2022-6719

Malicious code in bioql PyPI...

Security Bulletin: SSL Certificate Hostname Verification Bypass in Apache Commons HttpClient 3.x Allowing MITM Attacks affects watsonx.data

Summary Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

Security Bulletin: A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, which affects IBM watsonx.data

Summary A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-27820 DESCRIPTION: A bug in PSL validation...

ROS-20250808-01

A vulnerability in the Apache HttpClient client module is related to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected data or gain access to modify, add, or delete protected data. access to protected data or ga...

Atlassian Confluence 9.2.4 < 9.2.6 / 9.4.x < 9.5.2 (CONFSERVER-100164)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-100164 advisory. - A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discover...

Atlassian Jira Service Management Data Center and Server 5.12.23 < 5.12.24 / 10.3.x < 10.3.8 / 10.5.x < 10.7.2 (JSDSERVER-16269)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16269 advisory. - A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in httpclient5-5.4.2.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of httpclient5-5.4.2.jar Vulnerability Details CVEID:CVE-2025-27820 DESCRIPTION: A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification...

Third-Party Dependency in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 10.2.4 and 11.0.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N allows an unauthenticated...

MITM (Man-in-the-Middle) org.apache.httpcomponents.client5:httpclient5 Dependency in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.2.4, 9.4.0, and 9.5.1 of Confluence Data Center and Server however LTS version 8.5 is not affected by this CVE. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

K000151334: Apache HttpClient vulnerability CVE-2025-27820

Security Advisory Description A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release CVE-2025-27820 Impact There is no impact; F5 products are not...

Alibaba Cloud Linux 3 : 0160: maven:3.6 (ALINUX3-SA-2022:0160)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0160 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-13956: Apache HttpClient versions...

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team.This bulletin contains information...

Apache HttpClient Logic Error Vulnerability

Apache HttpClient is the United States Apache Apache Foundation of a Java written to access HTTP resources client program. The program is used to access network resources using the HTTP protocol. A logic error vulnerability exists in Apache HttpClient versions prior to 5.4.3, which stems from a P...

Malicious code in apache-httpclient (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a77347ebb8573c5fbeca35230df16ec582c33958e0a5bad13704efdea35f24eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3609 Malicious code in apache-httpclient (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a77347ebb8573c5fbeca35230df16ec582c33958e0a5bad13704efdea35f24eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...