CVE-2026-25834

Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...

Linux Distros Unpatched Vulnerability : CVE-2026-26994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below...

CVE-2026-26994 uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...

CVE-2026-25644

DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8...

CVE-2026-25644

DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8...

CVE-2026-25644

DataHub (open-source metadata platform) is affected by CVE-2026-25644 through the LDAP ingestion source. Prior to version 1.3.1.8, it is vulnerable to a MITM attack via TLS downgrade. The issue has been patched in DataHub 1.3.1.8. Public sources from NVD/Red Hat confirm the vulnerability and the ...

CVE-2026-25644

DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8...

PT-2026-6808

Name of the Vulnerable Software and Affected Versions DataHub versions prior to 1.3.1.8 Description DataHub, an open-source metadata platform, has an issue in its LDAP ingestion source. Specifically, versions before 1.3.1.8 are susceptible to a man-in-the-middle MITM attack due to a TLS downgrade...

dotnet: .NET Information Disclosure Vulnerability

A flaw exists in certain .NET builds where a man-in-the-middle MITM attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker...

dotnet: .NET Information Disclosure Vulnerability

A flaw exists in certain .NET builds where a man-in-the-middle MITM attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker...

dotnet: .NET Information Disclosure Vulnerability

A flaw exists in certain .NET builds where a man-in-the-middle MITM attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker...

dotnet: .NET Information Disclosure Vulnerability

A flaw exists in certain .NET builds where a man-in-the-middle MITM attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker...

EUVD-2018-8659

Malware in sbrugna...

EUVD-2018-8660

Malware in sbrugna...

EUVD-2018-8661

Malware in sbrugna...

EUVD-2018-12298

Malware in sbrugna...

EUVD-2019-5996

Malware in sbrugna...

EUVD-2025-12228

Malicious code in bioql PyPI...

EUVD-2024-46962

Malicious code in bioql PyPI...

CVE-2025-59270 psPAS does not enforce TLS 1.2 within Get-PASSAMLResponse

psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse' function during the SAML authentication process. An unauthenticated attacker in a 'Man-in-the-Middle' position could manipulate the TLS handshake and downgrade TLS to a deprecated protocol. Fixed in 7.0.2...