56 matches found
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the GET /api/website/title endpoint. An attacker can access internal or restricted network resources and potentially exfiltrate sensitive information by supplying a crafted URL to the unauthenticated...
GO-2026-4414 Alist has Insecure TLS Config in github.com/alist-org/alist
Alist has Insecure TLS Config in github.com/alist-org/alist...
MiracleLinux 9 : perl-HTTP-Tiny-0.076-461.el9 (AXSA:2023-6649:01)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6649:01 advisory. http-tiny: insecure TLS cert default (CVE-2023-31486). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 7 : perl-HTTP-Tiny-0.033-3.0.1.el7.AXS7 (AXSA:2025-10975:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10975:01 advisory. CVE-2023-31486: fix insecure default TLS configuration. Enable automated tests during build. CVEs: CVE-2023-31486. HTTP::Tiny before 0.083, a Perl core module...
CVE-2023-4331
Broadcom RAID Controller web interface is vulnerable due to an insecure default TLS configuration that supports obsolete and vulnerable TLS protocols...
Security Bulletin: Vulnerability in HTTP::Tiny affects IBM Netezza Appliance
Summary: The HTTP::Tiny package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE, CVE-2023-31486. Vulnerability Details: CVEID: CVE-2023-31486. DESCRIPTION: HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecur...
EUVD-2023-54196
Malicious code in bioql PyPI...
EUVD-2024-0360
Malicious code in bioql PyPI...
EUVD-2023-54191
Malicious code in bioql PyPI...
EUVD-2025-12562
Malicious code in bioql PyPI...
User Impersonation
Overview: Affected versions of this package are vulnerable to User Impersonation due to insufficient authentication checks in the client and server processes. An attacker can gain unauthorized access to sensitive data by establishing a connection without proper certificate validation or...
firefox -- multiple vulnerabilities
[email protected] reports: An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. When Multi-Account Containers was enabled, DNS requests could have bypass...
SICK Field Analytics and SICK Media Server Cryptographic Issue Vulnerability
SICK Field Analytics and SICK Media Server are both products of SICK GmbH, Germany. SICK Field Analytics is software for evaluating manufacturing data. SICK Media Server is a media server. A security vulnerability exists in SICK Field Analytics and SICK Media Server that stems from support for an...
CVE-2023-22812
SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data...
Alibaba Cloud Linux 3 : 0002: perl-HTTP-Tiny (ALINUX3-SA-2024:0002)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0002 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-31486: HTTP::Tiny before 0.083, a Perl cor...
CVE-2025-3200
An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems...
CVE-2025-3200
CVE-2025-3200 affects the Com-Server component, where an unauthenticated remote attacker could exploit the use of insecure TLS 1.0 and TLS 1.1 to intercept and manipulate encrypted communications between the Com-Server and connected systems. The issue stems from weak cryptographic protocol suppor...
Wiesemann & Theis Com-Server Cryptographic Issue Vulnerability
Wiesemann & Theis Com-Server is a communication server for industrial automation from Wiesemann & Theis that provides connectivity between serial devices and Ethernet. A cryptographic issue vulnerability exists in Wiesemann & Theis Com-Server versions prior to 1.60 that stems from the use of...
PT-2025-18058 · Unknown · Com-Server
Name of the Vulnerable Software and Affected Versions: Com-Server (affected versions not specified). Description: An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connecte...