22 matches found
Improper Certificate Validation
Overview yapi-vendor is a YAPI Affected versions of this package are vulnerable to Improper Certificate Validation due to the HTTPS agent configuration setting rejectUnauthorized: false. An attacker can intercept and manipulate network traffic by performing a man-in-the-middle attack. Remediation...
GHSA-663H-2VR3-GHRJ yapi disables TLS/SSL certificate validation via rejectUnauthorized: false in Axios HTTPS agent
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests...
CVE-2025-70043
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in Ayms node-To master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in TLS socket options...
PT-2026-21520
Name of the Vulnerable Software and Affected Versions: Ayms node-To master (affected versions not specified). Description: The application disables TLS/SSL certificate validation by setting rejectUnauthorized to false in TLS socket options. This improper certificate validation could allow for...
PT-2026-21522
Name of the Vulnerable Software and Affected Versions: jxcore jxm master. Description: The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTPS request options when jx_obj.IsSecure is true. This improper certificate validation could allow for...
CVE-2025-70045
CVE-2025-70045 affects the jxcore jxm master component. The vulnerability arises from the code path that disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTPS request options when 'jx_obj.IsSecure' is true. This improper certificate validation can enable man-in-t...
CVE-2025-70045
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in jxcore jxm master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTPS request options when 'jx_obj.IsSecure' is true...
CVE-2025-70043
CVE-2025-70043 affects Ayms node-To master. Root cause: TLS certificate validation is disabled via rejectUnauthorized: false in TLS socket options (CWE-295). This improper certificate validation could enable man-in-the-middle attacks. Documents consistently describe the condition but do not provi...
CVE-2025-70043
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in Ayms node-To master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in TLS socket options...
CVE-2025-70029
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options...
CVE-2025-70029
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options...
CVE-2025-70029
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options...
PT-2026-7627
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options...
CVE-2025-70029
CVE-2025-70029 affects Sunbird-Ed SunbirdEd-portal v1.13.4. The issue is that TLS/SSL certificate validation is disabled by setting 'rejectUnauthorized': false in HTTP request options, which can lead to information exposure. The CVSS 3.1 vector indicates Network access with low attack complexity ...
MiracleLinux 8 : nodejs:12 (AXSA:2021-2440:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2440:01 advisory. nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22930); nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22940)...
EUVD-2025-0113
Malicious code in bioql PyPI...
Vulnerability of the API component of the Node.js software platform that allows attackers to compromise data integrity
The vulnerability of the API component in the Node.js software platform is related to insufficient checking of the rejectUnauthorized value. Exploiting this vulnerability allows an attacker to compromise data integrity...
nodejs: Incomplete validation of tls rejectUnauthorized parameter
A flaw was found in Node.js. If the Node.js HTTPS API is used incorrectly and "undefined" is passed for the "rejectUnauthorized" parameter, no error is returned, and the connections to servers with an expired certificate are accepted. The highest threat from this vulnerability is to integrity...
nodejs: Incomplete validation of tls rejectUnauthorized parameter
A flaw was found in Node.js. If the Node.js HTTPS API is used incorrectly and "undefined" is passed for the "rejectUnauthorized" parameter, no error is returned, and the connections to servers with an expired certificate are accepted. The highest threat from this vulnerability is to integrity...
ALPINE-CVE-2021-22939
If the Node.js https API was used incorrectly and "undefined" was passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted...