12 matches found
CVE-2026-7113
CVE-2026-7113 affects NousResearch hermes-agent 0.8.0, specifically the Webhooks Endpoint in gateway/platforms/webhook.py. The issue arises from manipulating the argument _INSECURE_NO_AUTH, resulting in missing authentication and enabling a remote attack. The description notes high attack complex...
CVE-2025-15612 Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE
Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies o...
curl: Certificate Pinning Bypass with wolfSSL backend over HTTP/3
Summary: A security feature bypass exists in libcurl when built with the wolfSSL backend and HTTP/3 support. The Certificate Pinning feature (--pinnedpubkey) is silently ignored if the user also disables peer verification (-k or --insecure). This behavior is inconsistent with other backends like...
PT-2026-28277
Name of the Vulnerable Software and Affected Versions: Wazuh (affected versions not specified). Description: The software contains an insecure transport issue due to the use of the -k or --insecure flag with curl, which disables SSL/TLS certificate validation. This allows attackers with network access...
MongoDB Rust Driver has certificate validation disabled when `tlsInsecure=False` appears in connection string
When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5...
EUVD-2025-34070
MongoDB Rust Driver has certificate validation disabled when tlsInsecure=False appears in connection string...
CVE-2025-11695 Configuration may unexpectedly disable certificate validation
When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5...
Configuration may unexpectedly disable certificate validation
When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5...
CVE-2025-36011
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...
SUSE CVE-2021-29504
WP-CLI is the command-line interface for WordPress. Improper error handling in HTTPS request management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable certificate verification on the WP-CLI side, gaining full control over the...
Arbitrary Code Execution
github.com/golang/go is vulnerable to arbitrary code execution attacks. The library does not properly validate the import path when the -insecure flag is used for the go get command. This allows a malicious user to execute arbitrary commands through the use of a malicious website...
USN-2549-1 libarchive vulnerabilities
It was discovered that the libarchive bsdcpio utility extracted absolute paths by default without using the --insecure flag, contrary to expectations. If a user or automated system were tricked into extracting cpio archives containing absolute paths, a remote attacker may be able to write to...