12 matches found

NVD
added 3 days ago | 6 views

CVE-2026-54323

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization...

CVSS 5.9 | EPSS 0.00117
Exploits: 0 | References: 1

NVD
added 2026/05/14 5:16 p.m. | 21 views

CVE-2026-44312

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning...

CVSS 5.8 | EPSS 0.00146
Exploits: 0 | References: 4

ATTACKERKB
added 2026/02/03 2:26 a.m. | 3 views

CVE-2026-24934

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to spoof the response, leading the device to update its...

CVSS 6.3 | AI score 5.6 | EPSS 0.00156
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2026/02/03 12:0 a.m. | 7 views

ASUSTOR ADM security vulnerability

ASUSTOR ADM is a dedicated operating system developed by ASUSTOR Technology (ASUSTOR) for all ASUSTOR NAS devices. Vulnerabilities exist in versions 4.1.0 to 4.3.3.ROF1, and from version 5.0.0 to 5.1.1.RCI1 of ASUSTOR ADM. These vulnerabilities stem from the use of insecure HTTP connections in the...

CVSS 6.3 | AI score 7.1 | EPSS 0.00156
Exploits: 0 | References: 1

CNNVD
added 2025/09/17 12:0 a.m. | 5 views

CISA Thorium security vulnerability

CISA Thorium is a highly scalable distributed malware analysis and data generation framework from the U.S. Cybersecurity and Infrastructure Security Administration (CISA) government division. A security vulnerability exists in CISA Thorium versions prior to 1.1.2 that stems from unvalidated TLS...

CVSS 9.8 | AI score 6.5 | EPSS 0.00189
Exploits: 0 | References: 4

CNNVD
added 2025/06/20 12:0 a.m. | 3 views

COROS PACE 3 security vulnerability

COROS PACE 3 is a GPS sports watch from the Chinese company COROS. A security vulnerability exists in COROS PACE 3 3.0808.0 and earlier versions, which stems from an unvalidated TLS certificate and could lead to a man-in-the-middle attack...

CVSS 9.8 | AI score 6.5 | EPSS 0.00346
Exploits: 1 | References: 4

CNNVD
added 2025/02/21 12:0 a.m. | 1 views

Medixant RadiAnt DICOM Viewer trust management issue vulnerability

Medixant RadiAnt DICOM Viewer is a PACS DICOM viewer for medical imaging from Medixant. A trust management issue vulnerability exists in Medixant RadiAnt DICOM Viewer that stems from an update mechanism that does not validate certificates, which could lead to a man-in-the-middle attack...

CVSS 5.7 | AI score 6.4 | EPSS 0.00133
Exploits: 0 | References: 3

CNNVD
added 2024/09/18 12:0 a.m. | 3 views

Anbox Management Service security vulnerability

Anbox Management Service (ams) is a free and open source compatibility layer from Anbox Open Source. It is designed to port mobile applications and mobile games on Android to run on GNU/Linux distributions. A security vulnerability exists in Anbox Management Service versions 1.17.0 through 1.23.0,...

CVSS 7.5 | AI score 6.5 | EPSS 0.00176
Exploits: 0 | References: 5

RedHat Linux
added 2023/10/06 7:21 a.m. | 1 views

bouncycastle: potential blind LDAP injection attack using a self-signed certificate

A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain...

CVSS 5.3 | AI score 6.7 | EPSS 0.00772
Exploits: 0 | References: 5

CNNVD
added 2023/04/15 12:0 a.m. | 3 views

LibreSSL trust management issue vulnerability

LibreSSL is an open source implementation of a secure socket layer and transport layer security protocol. A security vulnerability exists in LibreSSL versions prior to 3.4.2, which stems from an error that sometimes drops unvalidated certificate chains, and an authentication bypass...

CVSS 9.8 | AI score 8.3 | EPSS 0.00568
Exploits: 0 | References: 5

ATTACKERKB
added 2022/07/20 11:0 p.m. | 3 views

CVE-2022-20860

A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information. This vulnerability exists because SSL server certificates are not validated when Cisco Nexus...

CVSS 7.4 | AI score 7.4 | EPSS 0.0044
Exploits: 0 | References: 2

UbuntuCve
added 2021/07/19 3:15 p.m. | 19 views

CVE-2021-20109

Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the...

CVSS 7.5 | AI score 7.4 | EPSS 0.01378
Exploits: 0 | References: 2