80 matches found
CVE-2026-48902
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set...
CVE-2026-48697
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tls_client mode and calls set_default_verify_paths to load CA certificates, but never calls...
CVE-2026-1778
Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...
CVE-2026-1778
SageMaker Python SDK (before v3.1.1 or v2.256.0) disables TLS certificate verification in the Triton Python backend during model import, allowing HTTPS requests to succeed with invalid/self-signed certificates. Affected versions: SDK <3.1.1 and
EUVD-2017-15400
Malware in sbrugna...
EUVD-2015-0644
Malware in sbrugna...
EUVD-2019-13320
Malware in sbrugna...
EUVD-2021-0835
Malware in sbrugna...
EUVD-2022-4974
Malicious code in bioql PyPI...
EUVD-2023-58315
Malicious code in bioql PyPI...
EUVD-2022-42852
Malicious code in bioql PyPI...
CVE-2019-15042
An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1...
GHSA-72QJ-48G4-5XGX JRuby-OpenSSL has hostname verification disabled by default
Summary: When verifying SSL certificates, jruby-openssl is not verifying that the hostname presented in the certificate matches the one we are trying to connect to, meaning a MITM could just present any valid cert for a completely different domain they own, and JRuby wouldn't complain. Details: n/a...
CVE-2024-47174 Credential leak when credentials are used with `<nix/fetchurl.nix>`
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, `<nix/fetchurl.nix>` did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle (MITM)...
Insecure HTTPS Connections
nategood/httpful is vulnerable to Insecure HTTPS Connections. The vulnerability is due to the lack of built-in certificate validation mechanisms in the Httpful library, which fails to enforce the proper verification of SSL/TLS certificates by default. It allows attackers to intercept and manipula...
GHSA-GCFG-HMWX-WQ5H Httpful is Missing Certificate Validation
Httpful has Insecure HTTPS Connections due to Missing Default Certificate Validation...
GHSA-37GX-JQX9-FWMG Improper Certificate Validation in Apache DolphinScheduler
Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which...
Huawei EulerOS: Security Advisory for python-requests (EulerOS-SA-2023-2597)
The remote host is missing an update for the Huawei EulerOS...
CVE-2023-38505 DietPi-Dashboard Insufficient TLS Handshake Pool
DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitel...
Mozilla: Use-after-free in WebRTC certificate generation
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS...