20 matches found
CVE-2026-22750
CVE-2026-22750 affects Spring Cloud Gateway; SSL bundle configuration via spring.ssl.bundle could be silently ignored, causing the system to fall back to the default SSL settings. Root cause: configuration bypass leads to unintended SSL behavior and potential exposure if defaults differ from inte...
EUVD-2024-0760
Malicious code in bioql PyPI...
EUVD-2024-33375
Malicious code in bioql PyPI...
BIT-AIRFLOW-2024-25141
When SSL was enabled for the Mongo Hook, the default settings included "allowinsecure", which caused certificates not to be validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue...
Unsafe SSL Verification
tecnickcom/tcpdf is vulnerable to Unsafe SSL verification. The vulnerability is due to improper handling of SSL verification settings in TCPDF when using libcurl, where CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely. It allows an attacker to perform a Man-in-the-Middle (MitM) attack...
TCPDF missing certificate validation
An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely...
CVE-2024-56521
An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely...
Amazon Linux 2 : libpq (ALASPOSTGRESQL14-2024-015)
The version of libpq installed on the remote host is prior to 14.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2024-015 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different...
Important: postgresql15
Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...
Important: postgresql16
Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...
CVE-2024-10977
CVE-2024-10977 affects PostgreSQL libpq by allowing a server to send an error message that, when the client is not trusting SSL/GSS settings, can reveal arbitrary non-NUL bytes to the client (e.g., psql). Affected products/versions include PostgreSQL before the fixed point: 17.1 and older branche...
CVE-2024-10977
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...
SUSE CVE-2023-27535
An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...
CVE-2020-29658
Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation...
JBoss/WildFly: iiop does not honour strict transport confidentiality
The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections:...
Google AdWords API PHP Client Library 6.2.0 Code Execution Vulnerability
Google AdWords API PHP client library versions 6.2.0 and below suffer from an arbitrary PHP code execution vulnerability. ============================================= - Release date: 06.11.2015 - Discovered by: Dawid Golunski - Severity: Medium/High ============================================= ...
Google AdWords API PHP Client Library 6.2.0 XXE Injection Vulnerability
Google AdWords API PHP client library versions 6.2.0 and below suffer from an XML eXternal Entity injection vulnerability. ============================================= - Release date: 06.11.2015 - Discovered by: Dawid Golunski - Severity: Medium/High =============================================...
Google AdWords API PHP Client Library 6.2.0 Code Execution
Advisory URL: http://legalhackers.com/advisories/Google-AdWords-PHP-Client-library-PHP-Code-Execution.txt ============================================= - Release date: 06.11.2015 - Discovered by: Dawid Golunski - Severity: Medium/High ============================================= I. VULNERABILITY...
Google AdWords 6.2.0 API client libraries - XML eXternal Entity Injection
Date: 06.11.2015 Exploit Author: Dawid Golunski Vendor Homepage: https://developers.google.com/adwords/api/docs/clientlibraries Software Link: https://github.com/googleads/googleads-php-lib Version: Google AdWords API client libraries - XML eXternal Entity Injection XXE...
Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-592-1)
Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered flaws in Firefox's character encoding handling. If a user were tricked into opening a malicious web page, an attacker could perform cross-site scripting attacks. CVE-2008-0416 Various flaws were discovered in the JavaScript engine...