7607 matches found
CVE-2025-46659
An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Information disclosure can occur via an external HTTPS request...
github.com/go-acme/lego/v4/acme/api does not enforce HTTPS
Summary: It was discovered that the github.com/go-acme/lego/v4/acme/api package, and thus the lego library and the lego CLI as well, don't enforce HTTPS when talking to CAs as an ACME client. Details: Unlike the http-01 challenge, which solves an ACME challenge over unencrypted HTTP, the ACME protocol...
GHSA-Q82R-2J7M-9RV4 github.com/go-acme/lego/v4/acme/api does not enforce HTTPS
Summary: It was discovered that the github.com/go-acme/lego/v4/acme/api package, and thus the lego library and the lego CLI as well, don't enforce HTTPS when talking to CAs as an ACME client. Details: Unlike the http-01 challenge, which solves an ACME challenge over unencrypted HTTP, the ACME protocol...
PT-2025-32210 · Unknown · Exonautweb
Name of the Vulnerable Software and Affected Versions: ExonautWeb versions 21.6. Description: An information disclosure issue exists in ExonautWeb. The issue occurs via an external HTTPS request. Recommendations: At the moment, there is no information about a newer version that contains a fix for...
PT-2025-32239 · Go Acme +1 · Lego +1
Name of the Vulnerable Software and Affected Versions: Lego versions 4.25.1 and below. Description: The github.com/go-acme/lego/v4/acme/api package, and consequently the Lego library and command-line interface, does not enforce HTTPS when communicating with Certificate Authorities (CAs) as an ACME...
CVE-2025-46659
ExonautWeb (4C Strategies Exonaut 21.6) is affected by CVE-2025-46659. The issue is an information disclosure vulnerability triggered by an external HTTPS request to ExonautWeb, enabling access to sensitive data. The NVD entry lists it with CVSSv3.1: Network attack, High impact on confidentiality...
Linux Distros Unpatched Vulnerability : CVE-2020-26961
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver...
CVE-2025-5988
A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda. Mitigation: Use HTTPS on the platform ingress if possible. Since this is a problem in edge-terminated...
CVE-2025-54424
1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate...
CVE-2025-54424 1Panel Agent Bypasses Certificate Verification Leading to Arbitrary Command Execution
1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate...
Exploit for CVE-2025-54589
CVE-2025-54589 – Copyparty Reflected XSS Author: Byte Rea...
CVE-2025-43233
This issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A malicious app acting as an HTTPS proxy could get access to sensitive user data...
CVE-2025-43233
CVE-2025-43233 affects macOS where an attacker could leverage a malicious app acting as an HTTPS proxy to access sensitive user data. The issue is mitigated by improved access restrictions and is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7. The CVE’s base score and ...
PT-2025-31349 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.6, macOS versions prior to 14.7.7, macOS versions prior to 13.7.7. Description: A malicious application functioning as an HTTPS proxy could potentially gain access to sensitive user data due to insufficient access...
Malicious code in udn_extras (npm)
The package is malware because it contains a postinstall script that executes index.js. The index.js script gathers sensitive information such as hostname, platform, username, IP address, and environment variables and sends it to an external server (webhook.site) via an HTTPS POST request. This...
CrushFTP Unprotected Alternate Channel Vulnerability
CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, it mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS...
CVE-2025-54309
CrushFTP 10 before 10.8.5 and 11 before 11.3.423, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025...