CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

OSV•added 2026/05/14 5:16 p.m.•1 views

UBUNTU-CVE-2026-44312

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

5.8CVSS5.8AI score0.00021EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2020-3331

Malware in sbrugna...

8.8CVSS7.8AI score0.00137EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-52315

Malicious code in bioql PyPI...

6.8CVSS6.6AI score0.00139EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-21358

Malicious code in bioql PyPI...

6.5CVSS8.8AI score0.00265EPSS

Exploits0References2

Tenable Nessus•added 2025/09/10 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2021-20110

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to matc...

10CVSS7.5AI score0.01682EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 8:12 a.m.•7 views

CVE-2024-54147

Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates allowing a man-in-the-middle to intercept all requests. Any Altair users on untrusted networks eg. public wifi, malicious DNS servers may have all GraphQL...

6.8CVSS6.9AI score0.00139EPSS

Exploits0References1

NVD•added 2024/12/09 7:15 p.m.•16 views

CVE-2024-54147

6.8CVSS0.00139EPSS

Exploits0References2

Cvelist•added 2024/12/09 6:55 p.m.•25 views

CVE-2024-54147 Altair GraphQL Client's desktop app does not validate HTTPS certificates

6.8CVSS0.00139EPSS

Exploits0References2

CVE•added 2024/12/09 6:55 p.m.•96 views

CVE-2024-54147

The CVE-2024-54147 entry covers Altair GraphQL Client (desktop) prior to version 8.0.5, where the application does not validate HTTPS certificates. This weakness enables a man-in-the-middle on untrusted networks to intercept GraphQL request/response headers and bodies (including authorization tok...

6.8CVSS6.6AI score0.00139EPSS

Exploits0References2

Positive Technologies•added 2024/12/09 12:0 a.m.•4 views

PT-2024-36071 · Altair · Altair Graphql Client

Name of the Vulnerable Software and Affected Versions: Altair GraphQL Client versions prior to 8.0.5 Description: The issue arises from the Altair GraphQL Client's desktop app not validating HTTPS certificates, allowing a man-in-the-middle to intercept all requests. This can compromise GraphQL...

6.8CVSS6.7AI score0.00139EPSS

Exploits0References6

Prion•added 2021/07/19 3:15 p.m.•16 views

Design/Logic Flaw

Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the...

5CVSS7.7AI score0.02518EPSS

Exploits0References1Affected Software1

OSV•added 2021/01/20 8:15 p.m.•1 views

CVE-2021-1276

Multiple vulnerabilities in Cisco Data Center Network Manager DCNM could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when...

6.5CVSS6.6AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by