CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/05 7:17 p.m.•7 views

CVE-2026-6066

ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center...

7.1CVSS5.4AI score0.00082EPSS

Vulnrichment•added 2026/06/04 12:0 a.m.•8 views

CVE-2026-44393

An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When sslcafile is configured, the driver enables certificate chain validation but does not pass the expect...

5.8AI score0.00133EPSS

Hacker One•added 2026/06/03 9:19 p.m.•18 views

curl: DNS domain search list followed for extant domain missing A or AAAA records

Summary: Curl calls getaddrinfo to resolve a domain's addresses, however glibc will continue though the domain search list to find data even if it gets a NODATA response. When using AFUNSPEC in the aihints, this search will stop at the first domain with either an A or AAAA record, however when...

5.5AI score

Exploits0

Positive Technologies•added 2026/06/02 12:0 a.m.•10 views

PT-2026-45817

Name of the Vulnerable Software and Affected Versions Graph Explorer versions prior to 3.0.1 Description The proxy server falls back to HTTP when certificate files are missing. This behavior may allow remote threat actors to intercept requests intended for HTTPS and obtain sensitive information...

8.2CVSS5.5AI score0.00101EPSS

SUSE CVE•added 2026/05/27 2:53 a.m.•9 views

SUSE CVE-2026-3012

A flaw was found in Samba's certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00251EPSS

Exploits0References11

CNNVD•added 2026/05/26 12:0 a.m.•17 views

GnuTLS 信任管理问题漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS. GnuTLS has a trust management vulnerability, which stems from the certificate verification process. Customized certificates may cause incorrect backtracking during the verification of the common name field,...

7.1CVSS5.8AI score0.00232EPSS

Cvelist•added 2026/05/22 9:14 a.m.•28 views

CVE-2026-25608 Lack of traffic encryption in STER

STER uses unencrypted TCP traffic to transmit data over the network. It allows an attacker to conduct a Man-In-The-Middle attack and obtain sensitive data such as passwords, personal data, or authentication tokens. This issue was fixed in version 9.5...

2.3CVSS0.00208EPSS

CNNVD•added 2026/05/21 12:0 a.m.•6 views

tickets 信任管理问题漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the disabling of TLS certificate verification in the file...

8.2CVSS5.8AI score0.00173EPSS

Positive Technologies•added 2026/05/21 12:0 a.m.•10 views

PT-2026-42526

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT SSL VERIFYPEER to false and not setting CURLOPT SSL VERIFYHOST when issuing outbound HTTPS requests for outbound HTTPS requests issued during the login/authentication flow. An attacker...

8.2CVSS5.9AI score0.00205EPSS

NVD•added 2026/05/14 5:16 p.m.•23 views

CVE-2025-62310

HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions...

5.4CVSS0.00049EPSS

EUVD•added 2026/05/14 4:6 p.m.•7 views

EUVD-2025-209854

HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions...

4.3CVSS5.8AI score0.0008EPSS

Cvelist•added 2026/05/14 4:6 p.m.•33 views

CVE-2025-62311 HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels.

4.3CVSS0.0008EPSS

Positive Technologies•added 2026/05/14 12:0 a.m.•10 views

PT-2026-40953

5.4CVSS5.8AI score0.00049EPSS

CNNVD•added 2026/05/12 12:0 a.m.•8 views

Kura Sushi Official App 信任管理问题漏洞

Kura Sushi Official App is a mobile reservation and membership service app for Kura Sushi restaurants across Japan. The app has vulnerabilities related to trust management, stemming from improper certificate verification. These vulnerabilities may allow for interception by intermediaries or the...

9.1CVSS7.1AI score0.0016EPSS

RedhatCVE•added 2026/05/04 6:28 a.m.•10 views

CVE-2026-40971

A flaw was found in Spring Boot. When configured to use an SSL Secure Sockets Layer bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. This vulnerability could allow an attacker on the same network to intercept or alter...

9.1CVSS5.7AI score0.00157EPSS