Security Bulletin: Vulnerabilities in jersey-client-3.1.0.jar affecting MongoDB Enterprised Advanced (CVE-2025-12383)

Summary There is a vulnerability in jersey-client-3.1.0.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-12383. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cau...

CVE-2025-32057

The CVE-2025-32057 entry concerns the Bosch Infotainment ECU in Nissan Leaf ZE1 (2020). The vulnerability arises from using a Redbend OTA service with HTTPS where the SSL engine uses a default configuration, resulting in server root certificate verification being disabled. This can allow an attac...

CVE-2025-68637 Apache Uniffle: Insecure SSL Configuration in Uniffle HTTP Client

The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle MITM attacks. This...