5 matches found
EUVD-2025-209107
Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies o...
CVE-2025-10548 Missing Certificate Validation in CleverControl Installer Allows Remote Code Execution
The CleverControl employee monitoring software v11.5.1041.6 fails to validate TLS server certificates during the installation process. The installer downloads and executes external components using curl.exe --insecure, enabling a man-in-the-middle attacker to deliver malicious files that are...
CVE-2025-10548
CVE-2025-10548 affects CleverControl installer software (v11.5.1041.6; prior to 11.5.1041.6 per PT-2025-39149). The root cause is failure to validate TLS server certificates during installation, enabling the installer to download/execute external components via curl.exe --insecure. This can permi...
CVE-2025-5264
CVE-2025-5264 involves insufficient escaping of the newline character in Firefox/Thunderbird Copy as cURL functionality, enabling a user to be tricked into executing a crafted command locally. Affected: Firefox < 139, Firefox ESR < 115.24/128.11, Thunderbird
Vulnerability: ModernBill Insecure CURL Settings
Vulnerability discovered by: Justin Samuel www.justinsamuel.com
Discovery Date: 2006-07-11
Severity: Less Critical
Impact: Exposure of sensitive information
Product: ModernBill
Affected Versions: 5.0.1
Vendor: ModernGigabyte, LLC...