53 matches found
SUSE CVE-2026-27586
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...
CVE-2026-27586
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...
CVE-2026-27586 Caddy's mTLS client authentication silently fails open when CA certificate file is missing or malformed
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...
CVE-2025-64685
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure...
CVE-2025-56230
Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certificate Validation in the update component...
CVE-2025-56232
GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle (MitM) attack to intercept update requests and replace installer or update packages with malicious files...
CVE-2025-62371
OpenSearch Data Prepper is an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided. Prior to this fix, the OpenSearch sink and source plugin...
EUVD-2025-5052
Malicious code in bioql PyPI...
EUVD-2022-25331
Malicious code in bioql PyPI...
CVE-2025-56146
Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity...
CVE-2025-56146
CVE-2025-56146 affects Indian Bank IndSMART Android App v3.8.1, with a missing SSL certificate validation flaw in the NuWebViewActivity. Affected software is the Indian Bank IndSMART Android App; the underlying cause is lack of SSL certificate validation in NuWebViewActivity, enabling potential m...
PT-2025-39203
Name of the Vulnerable Software and Affected Versions: Indian Bank IndSMART Android App version 3.8.1. Description: The Indian Bank IndSMART Android App version 3.8.1 exhibits a flaw related to missing SSL certificate validation within the NuWebViewActivity component. This could potentially allow fo...
User Impersonation
Overview: Affected versions of this package are vulnerable to User Impersonation due to insufficient authentication checks in the client and server processes. An attacker can gain unauthorized access to sensitive data by establishing a connection without proper certificate validation or...
SUSE-SU-2025:20336-1 Security update for ca-certificates-mozilla
This update for ca-certificates-mozilla fixes the following issues: - test for a concretely missing certificate rather than just the directory, as the latter is now also provided by openssl-3 - Re-create java-cacerts with SOURCE_DATE_EPOCH set for reproducible builds bsc1229003 - explicit remove...
Security update for ca-certificates-mozilla
This update for ca-certificates-mozilla fixes the following issues: test for a concretely missing certificate rather than just the directory, as the latter is now also provided by openssl-3; Re-create java-cacerts with SOURCE_DATE_EPOCH set for reproducible builds bsc1229003; explicit remove distrust...
Devolutions Remote Desktop Manager Trust Management Issue Vulnerability
Devolutions Remote Desktop Manager is an application from Devolutions Canada Inc. It provides remote desktop management functionality. Devolutions Remote Desktop Manager is vulnerable to a trust management issue that stems from missing certificate validation. The following products and versions a...
CVE-2024-31872
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316...
Httpful is Missing Certificate Validation
Httpful has Insecure HTTPS Connections due to Missing Default Certificate Validation...
SUSE SLES15 / openSUSE 15 Security Update : python-docker (SUSE-SU-2024:1937-2)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1937-2 advisory. - CVE-2024-35195: Fixed missing certificate verification bsc1224788. Tenable has extracted the preceding description block...