7622 matches found
wget security update
An update is available for wget. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, a...
RLSA-2024:3094 Moderate: perl-CPAN security update
The CPAN module is a tool to query, download and build perl modules from CPAN sites. Security Fixes: perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS (CVE-2023-31484). For more details about the security issues, including the impact, a CVSS score,...
GHSA-72QJ-48G4-5XGX JRuby-OpenSSL has hostname verification disabled by default
Summary: When verifying SSL certificates, jruby-openssl is not verifying that the hostname presented in the certificate matches the one we are trying to connect to, meaning a MITM could just present any valid cert for a completely different domain they own, and JRuby wouldn't complain. Details: n/a...
Exploit for CVE-2025-1974
CVE-2025-1974 IngressNightmare poc IngressNightmare Script...
SUSE CVE-2025-30194
When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A...
DEBIAN-CVE-2025-30194
When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A...
UBUNTU-CVE-2025-30194
When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A...
DNSdist security vulnerability
DNSdist is an open-source, highly DNS-, DoS- and abuse-aware load balancer. A security vulnerability exists in DNSdist that stems from a double free triggered by the nghttp2 provider when processing DoH exchanges, which could lead to a denial of service...
CVE-2021-47662
CVE-2021-47662 is associated with Franka Emika Robot. The vulnerability arises from missing authorization, enabling an unauthenticated remote attacker to trigger a shutdown button over HTTPS and cause a denial-of-service. Connected sources confirm the issue affects the Franka Emika Robot hardware...
CVE-2021-47662 Unauthenticated remote shutdown of the cobot
Due to missing authorization an unauthenticated remote attacker can cause a DoS attack by connecting via HTTPS and triggering the shutdown button...
Malicious code in https-agen-chii (npm)
--- -= Per source details. Do not edit below this line.=-...
The vulnerability of the HTTPS protocol implementation in ConneXium Network Manager’s software for network management allows a perpetrator to carry out a “man-in-the-middle” attack.
The vulnerability of the HTTPS protocol implementation in ConneXium Network Manager software relates to the use of files and directories accessible to external parties. Exploiting this vulnerability could allow a malicious actor to carry out a “man-in-the-middle” attack...
PT-2025-17675 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue concerns the transmission of sensitive information via URL or query parameters, which could be exposed to an unauthorized actor using man-in-the-middle techniques...
CVE-2020-36845
The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL...
Exploit for CVE-2025-26244
CVE-2025-26244-POC The code to exploit this vulnerability can...
NetScaler: Troubleshooting SSO Failures Over VPN Mode
SSO failures over VPN mode on NetScaler can often be traced to limitations in HTTPS inspection, misconfigured session or traffic policies, or incomplete authentication setups. By carefully reviewing these areas—especially the VPN mode, session policies, and authentication flow—you can...
Centreon 19.04 - Remote Code Execution (RCE)
Exploit Title: Centreon 19.04 - Remote Code Execution (RCE) Tested on Centreon API 19.04.0 Centreon 19.04 - Login Password Bruteforcer Written on 6 Nov 2019 Referencing API Authentication of the Centreon API document Author: st4rry centbruteon.py Centreon Download Link:...
CVE-2025-2222
CWE-552: Files or Directories Accessible to External Parties vulnerability over https exists that could leak information and potential privilege escalation following man in the middle attack...
CVE-2025-26654 Potential information disclosure vulnerability in SAP Commerce Cloud (Public Cloud)
SAP Commerce Cloud (Public Cloud) does not allow unencrypted HTTP (port 80) to be disabled entirely, but instead allows a redirect from port 80 to 443 (HTTPS). As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on the first request befor...