1345 matches found

Positive Technologies
added 2026/01/08 12:0 a.m. | 3 views

PT-2026-1851

Name of the Vulnerable Software and Affected Versions: NeuVector (affected versions not specified). Description: NeuVector supports login authentication through OpenID Connect. The TLS verification, which confirms the remote server’s authenticity and integrity, is not enforced by default for OpenID...

CVSS 8.8 | AI score 7.8 | EPSS 0.00321
Exploits: 0 | References: 6
RedhatCVE
added 2026/01/07 9:28 a.m. | 7 views

CVE-2019-12820

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to a Jisiwei account,...

CVSS 5.6 | AI score 6 | EPSS 0.00479
Exploits: 0 | References: 1
Tenable Nessus
added 2026/01/07 12:0 a.m. | 4 views

EulerOS 2.0 SP9 : openssh (EulerOS-SA-2026-1009)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent...

CVSS 6.8 | AI score 6.8 | EPSS 0.06997
Exploits: 4 | References: 3
SUSE CVE
added 2025/12/20 12:27 a.m. | 10 views

SUSE CVE-2025-68161

The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName (https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName) configuration attribut...

CVSS 5.4 | AI score 6.8 | EPSS 0.00743
Exploits: 1 | References: 5
CVE
added 2025/12/12 2:30 a.m. | 9 views

CVE-2025-13052

CVE-2025-13052 describes improper TLS/SSL certificate validation in ADM notifications when sending emails via msmtp, enabling potential MITM disclosure of SMTP data. Affected: ADM 4.1.0–4.3.3.RKD2 and 5.0.0–5.1.0.RN42. Root cause: TLS/SSL validation weakness between SMTP client and server. Impact...

CVSS 7 | AI score 6.4 | EPSS 0.00157
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2025/12/12 12:0 a.m. | 4 views

PT-2025-50802

Name of the Vulnerable Software and Affected Versions: ADM versions 4.1.0 through 4.3.3.RKD2; ADM versions 5.0.0 through 5.1.0.RN42. Description: An improperly validated TLS/SSL certificate when sending emails to an SMTP server via msmtp allows an attacker intercepting network traffic to execute a...

CVSS 7 | AI score 6.7 | EPSS 0.00157
Exploits: 0 | References: 5
RedhatCVE
added 2025/11/27 1:54 p.m. | 5 views

CVE-2025-63432

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle (MITM) attack ...

CVSS 4.6 | AI score 7.1 | EPSS 0.0015
Exploits: 1 | References: 1
Cvelist
added 2025/11/24 12:0 a.m. | 15 views

CVE-2025-63432

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle (MITM) attack ...

EPSS 0.0015
Exploits: 1 | References: 2
OSV
added 2025/11/05 7:16 p.m. | 5 views

CVE-2025-56232

GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle (MitM) attack to intercept update requests and replace installer or update packages with malicious files...

CVSS 6.8 | AI score 5.8 | EPSS 0.0012
Exploits: 1 | References: 2
NVD
added 2025/11/05 7:16 p.m. | 9 views

CVE-2025-56232

GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle (MitM) attack to intercept update requests and replace installer or update packages with malicious files...

CVSS 6.8 | EPSS 0.0012
Exploits: 1 | References: 2
Snyk
added 2025/10/15 5:39 p.m. | 3 views

Inadequate Encryption Strength

Overview: Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...

CVSS 8.2 | AI score 6.6 | EPSS 0.00681
Exploits: 0 | References: 2
Snyk
added 2025/10/15 7:46 a.m. | 4 views

Improper Verification of Cryptographic Signature

Overview: org.apache.spark:spark-network-common_2.12 is an open-source distributed general-purpose cluster-computing framework. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature when the spark.network.crypto.enabled is true and the cipher is not...

CVSS 9 | AI score 6.9 | EPSS 0.00223
Exploits: 0 | References: 2
OSV
added 2025/10/10 3:4 p.m. | 5 views

JLSEC-2025-27 curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MI...

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived...

CVSS 4.3 | AI score 6.9 | EPSS 0.03141
Exploits: 1 | References: 18
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-18776

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.01822
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-12088

Malware in sbrugna...

CVSS 7.4 | AI score 6 | EPSS 0.00868
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-25194

Malware in sbrugna...

CVSS 5.9 | AI score 6.2 | EPSS 0.00507
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2021-26875

Malware in sbrugna...

CVSS 5.9 | AI score 5.9 | EPSS 0.01327
Exploits: 0 | References: 9
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-3122

Malware in sbrugna...

CVSS 7.5 | AI score 6.1 | EPSS 0.0076
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2007-3738

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.01841
Exploits: 1 | References: 9
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-11927

Malware in sbrugna...

CVSS 7.4 | AI score 6.5 | EPSS 0.01056
Exploits: 0 | References: 3