49 matches found
curl: CVE-2025-14524: bearer token leak on cross-protocol redirect
Summary: A vulnerability exists in libcurl regarding the handling of OAuth2 Bearer tokens (CURLOPT_XOAUTH2_BEARER) during HTTP redirects. While libcurl correctly clears standard authentication credentials (CURLOPT_USERPWD) when following a redirect to a different host, port, or protocol a security...
EUVD-2020-0518
Malware in sbrugna...
EUVD-2021-2501
Malware in sbrugna...
EUVD-2025-10826
Malicious code in bioql PyPI...
EUVD-2024-35270
Malicious code in bioql PyPI...
CVE-2024-35299
In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation...
CVE-2025-31354
Subnet Solutions PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters...
PT-2025-16128 · Subnet Solutions · Subnet Solutions Powersystem Center
Name of the Vulnerable Software and Affected Versions: Subnet Solutions PowerSYSTEM Center (affected versions not specified). Description: The issue arises when an EC certificate with crafted F2m parameters is imported, affecting the SMTPS notification service. This can lead to excessive CPU...
Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 Openshift Jenkins security update
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
FreeBSD : keycloak -- Missing server identity checks when sending mails via SMTPS (fd538d14-5778-4764-b321-2ddd61a8a58f)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fd538d14-5778-4764-b321-2ddd61a8a58f advisory. Red Hat reports: A vulnerability was found in Apache Sling Commons Messaging Mail (angus-mail), which...
angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication
A vulnerability was found in Apache Sling Commons Messaging Mail (angus-mail), which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can allow insecure email...
keycloak -- Missing server identity checks when sending mails via SMTPS
Red Hat reports: A vulnerability was found in Apache Sling Commons Messaging Mail (angus-mail), which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can all...
CVE-2024-35299
The CVE-2024-35299 entry concerns JetBrains YouTrack prior to version 2024.1.29548, where SMTPS protocol communication lacked proper certificate hostname validation. This creates a potential exposure related to TLS hostname verification, with the NVD CVSS data indicating high impact on confidenti...
TLS Certificate Check Bypass
libcurl is vulnerable to TLS Certificate Check Bypass. The vulnerability is caused due to libcurl not checking the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the...