Lucene search
K

16 matches found

RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.11 views

CVE-2026-41732

JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-packages configuration fell back to trusting all packages rather than applying a safe default...

8.1CVSS5.4AI score0.00347EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:48 p.m.17 views

CVE-2026-41714

Spring AMQP 2.4.x/3.1.x/3.2.x/4.0.x (versions 2.4.0–2.4.17, 3.1.0–3.1.15, 3.2.0–3.2.10, 4.0.0–4.0.3) are affected by CVE-2026-41714. The issue occurs when a broker connection is configured via RabbitConnectionFactoryBean.setUri("amqps://...") without calling setUseSSL(true). This leads to TLS enc...

4CVSS5.5AI score0.00132EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.8 views

CVE-2026-50208

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...

9.4CVSS5.4AI score0.00141EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 9:16 a.m.12 views

CVE-2026-50208

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...

9.4CVSS0.00141EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 7:9 a.m.22 views

CVE-2026-50208

CVE-2026-50208 describes a vulnerability where TrustAllCerts routines bypass TLS certificate validation and are combined with hard-coded DES keys, enabling a MitM actor to decrypt network traffic. Documented impact includes high confidentiality and integrity risks with network traffic exposure; n...

9.4CVSS5.8AI score0.00141EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 7:9 a.m.12 views

CVE-2026-50208

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...

9.2CVSS5.8AI score0.00141EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 7:9 a.m.41 views

CVE-2026-50208 Permissive TrustAllCerts TLS Verification

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...

9.2CVSS0.00141EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 7:9 a.m.7 views

CVE-2026-50208 Permissive TrustAllCerts TLS Verification

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...

9.2CVSS5.8AI score0.00141EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 7:9 a.m.9 views

EUVD-2026-34220

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...

9.4CVSS5.8AI score0.00141EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.13 views

PT-2026-46160

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...

9.2CVSS5.8AI score0.00141EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.8 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the disabling of standard TLS certificate verification in the high-risk TrustAllCerts routine. Combined with the hardcoded DES...

9.4CVSS5.3AI score0.00141EPSS
Exploits0References1
NVD
NVD
added 2026/01/07 12:17 p.m.7 views

CVE-2025-68637

The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle MITM attacks. This...

9.1CVSS0.0022EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/07 9:39 a.m.25 views

CVE-2025-68637 Apache Uniffle: Insecure SSL Configuration in Uniffle HTTP Client

The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle MITM attacks. This...

0.0022EPSS
Exploits0References1
Veracode
Veracode
added 2025/11/20 7:25 a.m.6 views

Improper Certificate Validation

org.opensearch.dataprepper.plugins, opensearch is vulnerable to Improper Certificate Validation. The vulnerability is due to the plugins defaulting to a “trust-all” SSL configuration when no certificate path is provided, which allows an attacker to perform man-in-the-middle interception and...

7.4CVSS6.9AI score0.00178EPSS
Exploits0References6Affected Software3
Vulnrichment
Vulnrichment
added 2025/10/15 5:25 p.m.1 views

CVE-2025-62371 OpenSearch Data Prepper plugins trusts all SSL certificates by default

OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided. Prior to this fix, the OpenSearch sink and source plugin...

7.4CVSS6.3AI score0.00178EPSS
Exploits0References4
securityvulns
securityvulns
added 2006/04/12 12:0 a.m.70 views

[SRC-Telindus advisory] - HP System Management Homepage Remote Unauthorized Access

HP System Management Homepage Remote Unauthorized Access -------------------------------------------------------- Vulnerability: Remote Authentication Bypass Product: CompaqHTTPServer/9.9 HP System Management Homepage 2.1.3.132 and above Platform: Microsoft® Windows® - Linux operating systems IA3...

0.4AI score
Exploits0
Rows per page
Query Builder