Lucene search
K

459 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/02 8:14 p.m.3 views

CVE-2026-1778

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...

8.2CVSS5.4AI score0.00244EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/02 8:14 p.m.32 views

CVE-2026-1778 TLS disabled by default in select aws/sagemaker-python-sdk configurations

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...

8.2CVSS0.00244EPSS
Exploits0References4
OSV
OSV
added 2026/02/02 8:14 p.m.6 views

CVE-2026-1778 TLS disabled by default in select aws/sagemaker-python-sdk configurations

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...

8.2CVSS6AI score0.00244EPSS
Exploits0References6
OSV
OSV
added 2026/02/01 5:58 p.m.7 views

GHSA-MC24-7M59-4Q5P Rancher CLI skips TLS verification on Rancher CLI login command

Impact A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting...

8.3CVSS5.8AI score0.00153EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/02/01 5:58 p.m.15 views

Rancher CLI skips TLS verification on Rancher CLI login command

Impact A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting...

8.3CVSS5.8AI score0.00153EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/29 3:19 p.m.9 views

CVE-2025-41351

Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs...

6CVSS5.9AI score0.00194EPSS
Exploits0References1
NVD
NVD
added 2026/01/28 11:15 a.m.7 views

CVE-2025-41351

Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs...

6CVSS0.00194EPSS
Exploits0References1
CVE
CVE
added 2026/01/28 10:43 a.m.9 views

CVE-2025-41351

The CVE-2025-41351 entry concerns Funambol v30.0.0.20 cloud server vulnerability where the thumbnail display URL exposes weaknesses that permit a Padding Oracle Attack to decrypt and encrypt parameters used to generate ‘self-signed’ access URLs. Affected component/process appears to be the thumbn...

6CVSS5.9AI score0.00194EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/28 10:43 a.m.6 views

EUVD-2025-206478

Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs...

6CVSS5.9AI score0.00194EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/28 10:43 a.m.32 views

CVE-2025-41351 Weak encryption on Funambol's cloud server

Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs...

6CVSS0.00194EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/28 10:43 a.m.6 views

CVE-2025-41351 Weak encryption on Funambol's cloud server

Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs...

6CVSS5.9AI score0.00194EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.6 views

PT-2026-5085

Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs...

6CVSS5.9AI score0.00194EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/23 9:15 p.m.7 views

CVE-2025-32057

The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server...

6.5CVSS5.5AI score0.00291EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 4:16 p.m.8 views

CVE-2025-32057

The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server...

6.5CVSS0.00291EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/22 3:22 p.m.4 views

CVE-2025-32057

The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server...

6.5CVSS5.5AI score0.00291EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/01/22 3:22 p.m.24 views

CVE-2025-32057 Misconfigured SSL/TLS communication of Redbend service for Infotainment ECU

The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server...

6.5CVSS0.00291EPSS
Exploits0References3
CVE
CVE
added 2026/01/22 3:22 p.m.53 views

CVE-2025-32057

The CVE-2025-32057 entry concerns the Bosch Infotainment ECU in Nissan Leaf ZE1 (2020). The vulnerability arises from using a Redbend OTA service with HTTPS where the SSL engine uses a default configuration, resulting in server root certificate verification being disabled. This can allow an attac...

6.5CVSS5.5AI score0.00291EPSS
Exploits0References3
OSV
OSV
added 2026/01/22 1:15 a.m.4 views

CVE-2025-27377

Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capable of performing a man-in-the-middle MITM attack could exploit this issue to intercept or manipulate network traffic, potentially exposing authentication credentials or sensiti...

5.3CVSS5.8AI score0.00174EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 1:15 a.m.7 views

CVE-2025-27377

Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capable of performing a man-in-the-middle MITM attack could exploit this issue to intercept or manipulate network traffic, potentially exposing authentication credentials or sensiti...

5.3CVSS0.00174EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 12:16 a.m.4 views

CVE-2025-27377

Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capable of performing a man-in-the-middle MITM attack could exploit this issue to intercept or manipulate network traffic, potentially exposing authentication credentials or sensiti...

5.3CVSS5.4AI score0.00174EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder