108 matches found
FortiOS - Insecure LDAP Configuration Detection
The FortiGate LDAP configuration was detected to be insecure due to missing ca-cert, secure LDAPS, or server-identity-check, potentially exposing LDAP communications to credential interception or man-in-the-middle attacks under specific network conditions. id: CVE-2019-5591 info: name: FortiOS -...
EUVD-2026-36203
Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected. Affected versions: Spring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4...
PT-2026-48616
Name of the Vulnerable Software and Affected Versions Spring Boot versions 4.0.0 through 4.0.6 Spring Boot versions 3.5.0 through 3.5.14 Spring Boot versions 3.4.0 through 3.4.16 Description Mail auto-configuration does not enable hostname verification, which is the process of verifying that the...
CVE-2026-40992: Mail Auto-Configuration Does Not Enable SSL Hostname Verification
Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true , are not affected...
curl: Missing server identity policy enforcement in SSH connection reuse allows host key verification bypass via pool poisoning
Missing server identity policy enforcement in SSH connection reuse allows host key verification bypass via pool poisoning --- Summary sshconfigmatches in lib/url.c decides whether an existing SSH connection can be reused by a new transfer handle. It checks client key paths rsa, rsapub but never...
CVE-2025-9293
The CVE-2025-9293 entry describes a vulnerability in TLS certificate validation across multiple mobile applications. Root cause: insufficient validation of server identities during TLS, enabling an attacker in a privileged network position to intercept or modify traffic. Impact includes confident...
CVE-2026-22613
The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton Network M3 which is available on the...
CVE-2026-22613
The CVE-2026-22613 entry pertains to Eaton Network M3 firmware upgrades via command shell, where the server identity check during upgrade is insecure, enabling potential MITM. Affected component: firmware upgrade mechanism; root cause: insecure server identity verification in upgrade flow. Impact...
CVE-2026-22613
The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton Network M3 which is available on the...
Eaton Network M3 安全漏洞
Eaton Network M3 is a security network interface card developed by the American company Eaton. There is a security vulnerability in Eaton Network M3, which stems from the insecure mechanism for server identity checks executed through command shells during firmware updates. This vulnerability may...
PT-2026-7071
The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton Network M3 which is available on the...
CLSA-2026-1768224107 perl: Fix of CVE-2023-31484
CVE-2023-31484: add verifySSL=1 to HTTP::Tiny to verify https server identity...
CLSA-2026-1768223815 perl: Fix of CVE-2023-31484
CVE-2023-31484: add verifySSL=1 to HTTP::Tiny to verify https server identity...
EUVD-2012-5516
Malware in sbrugna...
EUVD-2018-17311
Malware in sbrugna...
EUVD-2021-2501
Malware in sbrugna...
EUVD-2017-15208
Malware in sbrugna...
EUVD-2025-23851
Malicious code in bioql PyPI...
EUVD-2023-0759
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-4492
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step at least it should b...