Lucene search
K

149 matches found

Snyk
Snyk
added 6 days ago6 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation when the CURLOPTSSLSESSIONIDCACHE is enabled and the CURLSSLOPTEARLYDATA option is set in CURLOPTSSLOPTIONS. An attacker can intercept and obtain sensitive information by impersonating a server and...

8.3CVSS6AI score0.0032EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/24 3:34 a.m.9 views

EUVD-2026-38645

A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability...

6.2CVSS5.9AI score0.00197EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 3:34 a.m.8 views

CVE-2026-12488

A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability...

6.2CVSS5.9AI score0.00197EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51656

Name of the Vulnerable Software and Affected Versions GeoVision GV-VMS V20 version 20.0.2 Description Memory corruption occurs within the GV-Cloud functionality. A remote attacker can trigger a denial of service by sending a specially crafted network request while impersonating the legitimate...

6.2CVSS5.8AI score0.00197EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/17 3:45 p.m.7 views

netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass

A flaw was found in Netty, a network application framework. This vulnerability allows a remote attacker to bypass hostname verification due to improper handling of user-supplied trust managers. When a client is configured with a plain X.509 Trust Manager X509TrustManager, it fails to perform...

7.5CVSS5.3AI score0.00269EPSS
Exploits0References7
NVD
NVD
added 2026/06/15 8:16 p.m.8 views

CVE-2026-45388

In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication because of KeyUsage and ExtendedKeyUsage...

9.1CVSS0.00225EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-35563

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the...

8.8CVSS5.5AI score0.00182EPSS
Exploits0References3
NVD
NVD
added 2026/06/01 8:16 a.m.17 views

CVE-2026-35563

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...

8.8CVSS0.00182EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:12 a.m.10 views

CVE-2026-35563

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...

8.8CVSS5.8AI score0.00182EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/01 7:12 a.m.9 views

CVE-2026-35563 Apache Directory LDAP API: LDAP client implementation does not verify if the server certificate matches the intended LDAP hostname

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...

8.8CVSS5.8AI score0.00182EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 7:12 a.m.11 views

EUVD-2026-33569

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...

8.8CVSS5.8AI score0.00182EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/01 7:12 a.m.13 views

CVE-2026-35563

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...

8.8CVSS5.8AI score0.00182EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/29 12:9 p.m.17 views

CVE-2026-9508 Incorrect Permission Assignment for Critical Resource vulnerability in Suprema's BioStar

Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...

10CVSS5.8AI score0.00341EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/06 5:59 p.m.9 views

Apache ZooKeeper: Apache ZooKeeper: Impersonation of servers or clients via reverse DNS spoofing

A flaw was found in Apache ZooKeeper. The ZKTrustManager component's hostname verification process can fall back to reverse DNS PTR lookup when IP Subject Alternative Name SAN validation fails. This vulnerability allows an attacker who can control or spoof PTR records to impersonate ZooKeeper...

7.4CVSS7.1AI score0.00633EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/04 1:52 p.m.6 views

CVE-2025-40896 Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...

6.5CVSS5.9AI score0.00111EPSS
Exploits0References1
RustSec
RustSec
added 2026/03/04 12:0 p.m.10 views

`time-sync` was removed from crates.io due to malicious code

The time-sync crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. This the same attack that we've seen three times in the last few days. The malicious crate had 1 version published on 2026-03-04 approximately 50 minutes before...

6AI score
Exploits0
OSV
OSV
added 2026/03/04 12:0 p.m.4 views

RUSTSEC-2026-0032 `dnp3times` was removed from crates.io due to malicious code

The dnp3times crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. It was loosely trying to typosquat the dnp3time crate, but otherwise was the same attack as the timecalibrator and timecalibrators malware yesterday. The malicious...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/03/04 12:0 p.m.5 views

RUSTSEC-2026-0036 `time-sync` was removed from crates.io due to malicious code

The time-sync crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. This the same attack that we've seen three times in the last few days. The malicious crate had 1 version published on 2026-03-04 approximately 50 minutes before...

6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.3 views

PT-2026-22916

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...

6.5CVSS5.9AI score0.00111EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/13 1:22 p.m.8 views

CVE-2025-15573

The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud mqtt001.solaxcloud.com, TCP 8883. This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to...

9.4CVSS5.8AI score0.00216EPSS
Exploits0References1
Rows per page
Query Builder