
4 matches found

Github Security Blog
added 2022/02/09 12:56 a.m., 46 views

Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak

A flaw was found in Keycloak in versions before 10.0.0, where it does not perform TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack...

CVSS 5.9, AI score 6.7, EPSS 0.00254
Exploits 0, References 4, Affected Software 1
OSV
added 2019/04/22 5:15 p.m., 14 views

GHSA-RCJ2-VVJX-87PM Missing Encryption of Sensitive Data in arrow-kt Arrow

arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts for compiling and building the published JARs over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack...

CVSS 5.9, AI score 6.9, EPSS 0.00307
Exploits 1, References 6
Prion
added 2014/09/09 1:55 a.m., 12 views

Design/Logic Flaw

The DeskRoll Remote Desktop (aka com.deskroll.client1) application 0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVSS 5.4, AI score 6.5, EPSS 0.00134
Exploits 0, References 3, Affected Software 1
Cvelist
added 2006/08/31 10:0 p.m., 12 views

CVE-2006-4499

ModernBill 5.0.4 and earlier uses cURL with insecure settings for CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST that do not verify SSL certificates, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack...

AI score 6.5, EPSS 0.00186
Exploits 0, References 2