Improper Authentication
Overview: Affected versions of this package are vulnerable to Improper Authentication in the OVN database connection process. An attacker can gain unauthorized access to sensitive network configuration data by presenting a rogue self-signed certificate chain during the TLS handshake, which is...
CVE-2025-27377
Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capable of performing a man-in-the-middle (MITM) attack could exploit this issue to intercept or manipulate network traffic, potentially exposing authentication credentials or sensiti...
CVE-2025-27377
CVE-2025-27377 concerns Altium Designer 24.9.0, where self-signed server certificates are not validated for cloud connections. The root cause is improper certificate validation, enabling a potential MITM attacker to intercept or manipulate network traffic and possibly expose authentication creden...
Altium Designer security vulnerabilities
Altium Designer is an electronic design automation software developed by Altium Corporation in the United States. Version 24.9.0 of Altium Designer contains a security vulnerability. This vulnerability stems from self-signed server certificates not being verified for cloud connections, which may lead to...
EUVD-2006-5730
Malware in sbrugna...
EUVD-2014-3463
Malware in sbrugna...
EUVD-2015-4971
Malware in sbrugna...
EUVD-2018-1994
Malware in sbrugna...
EUVD-2006-4555
Malware in sbrugna...
EUVD-2024-0332
Malicious code in bioql PyPI...
EUVD-2022-3533
Malicious code in bioql PyPI...
EUVD-2025-26599
Malicious code in bioql PyPI...
EUVD-2023-58313
Malicious code in bioql PyPI...
CVE-2025-8393
CVE-2025-8393 describes a TLS trust issue in the Dreame Technology mobile apps (iOS/Android) used to manage a connected device. The phone application accepts self-signed certificates during TLS, which can enable man‑in‑the‑middle attacks on untrusted networks and may lead to exposure of user cred...
CVE-2025-41256
Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak. This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5...
B&R Automation Runtime Use of a Broken or Risky Cryptographic Algorithm (CVE-2024-8603)
B&R Automation Runtime and B&R mapp View generate self-signed certificates during the boot-up process if no certificates have been configured in the B&R Automation Studio project. These certificates are signed using an algorithm that is no longer considered secure. This plugin only works...
CVE-2023-38686
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with...
CVE-2020-2187
Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks...
CVE-2023-6056
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to...