CVE-2026-32644 Milesight Cameras Use of Hard-coded Cryptographic Key

Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys...

EUVD-2025-208377

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...

CVE-2025-68721

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint page=sslcerts. This allows the...

CVE-2025-62371 OpenSearch Data Prepper plugins trusts all SSL certificates by default

OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided. Prior to this fix, the OpenSearch sink and source plugin...

PT-2022-3152 · Rambus · Rambus Safezone Basic Crypto Module

Name of the Vulnerable Software and Affected Versions: Rambus SafeZone Basic Crypto Module versions prior to 10.4.0 Description: The issue is related to the generation of RSA keys that can be broken with Fermat's factorization method, allowing efficient calculation of private RSA keys from the...

CVE-2016-4830

Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates...