Lucene search
+L

4366 matches found

Cvelist
Cvelist
added 2026/02/03 2:19 a.m.36 views

CVE-2026-24932 An improper certificate validation vulnerability was found in ADM while updating the DDNS settings.

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...

8.9CVSS0.00206EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.14 views

ASUSTOR ADM 安全漏洞

ASUSTOR ADM is a dedicated operating system developed by ASUSTOR Technology ASUSTOR for all ASUSTOR NAS devices. Vulnerabilities exist in versions 4.1.0 to 4.3.3.ROF1, and from version 5.0.0 to 5.1.1.RCI1 of ASUSTOR ADM. These vulnerabilities stem from the use of insecure HTTP connections in the...

6.3CVSS7.1AI score0.00156EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2026/02/03 12:0 a.m.4 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1219)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS5.4AI score0.0039EPSS
Exploits1References2
NVD
NVD
added 2026/02/02 6:16 a.m.10 views

CVE-2026-1530

A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle MITM attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in...

8.1CVSS0.00254EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/02 5:47 a.m.6 views

EUVD-2026-5117

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS5.4AI score0.00274EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/02 5:47 a.m.8 views

CVE-2026-1531 Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS5.4AI score0.00274EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.15 views

PT-2026-5724

Name of the Vulnerable Software and Affected Versions OpenList versions prior to 4.1.10 Description The OpenList application disables TLS certificate verification by default for all outgoing storage driver communications, creating a risk of Man-in-the-Middle MitM attacks. This allows attackers to...

8.1CVSS5.3AI score0.00239EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/02/02 12:0 a.m.8 views

EulerOS 2.0 SP13 : curl (EulerOS-SA-2026-1219)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. Th...

4.3CVSS5.6AI score0.0039EPSS
Exploits1References2
RubySec
RubySec
added 2026/02/02 12:0 a.m.9 views

foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS5.3AI score0.00274EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/01/29 3:46 p.m.10 views

EUVD-2025-206513

Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, libparseccrypto, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means ...

8.3CVSS5.9AI score0.0026EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/01/25 12:0 a.m.9 views

Debian dsa-6110 : openjdk-17-dbg - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6110 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6110-1 [email protected] https://www.debian.org/securit...

7.5CVSS6.1AI score0.00864EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.8 views

Oracle GoldenGate for Big Data MiTM Vulnerability 19.x < 19.1.0.0.22 (January 2026 CPU)

According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is affected by multiple vulnerabilities: - The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer...

6.3CVSS6.4AI score0.00756EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.8 views

Azure Linux 3.0 Security Update: samba (CVE-2017-12150)

The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2017-12150 advisory. - It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce SMB signin...

7.4CVSS5.5AI score0.13334EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 8 : gnutls-3.6.8-11.el8 (AXSA:2020-604:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-604:01 advisory. gnutls: session resumption works without master key allowing MITM CVE-2020-13777 Tenable has extracted the preceding description block directly from the...

7.4CVSS7.9AI score0.17507EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.7 views

MiracleLinux 3 : jakarta-commons-httpclient-3.0-7jpp.2 (AXSA:2013-107:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-107:01 advisory. The Hyper-Text Transfer Protocol HTTP is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the...

5.8CVSS7.1AI score0.09254EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

MiracleLinux 3 : jakarta-commons-httpclient-3.0-7jpp.4.AXS3 (AXSA:2014-519:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-519:01 advisory. Description : The Hyper-Text Transfer Protocol HTTP is perhaps the most significant protocol used on the Internet today. Web services, network-enabled...

5.8CVSS6.4AI score0.09149EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.7 views

EulerOS 2.0 SP10 : curl (EulerOS-SA-2026-1044)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. Th...

4.3CVSS5.9AI score0.0039EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.8 views

MiracleLinux 3 : openssl097a-0.9.7a-9.AXS3.2 (AXSA:2010-157:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-157:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which...

9.8CVSS7.7AI score0.87264EPSS
Exploits15References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:35 a.m.6 views

CVE-2021-41034

The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Jav...

8.1CVSS7AI score0.0039EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:28 a.m.9 views

CVE-2021-33879

Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only...

8.1CVSS6.8AI score0.01022EPSS
Exploits1References1
Rows per page
Query Builder