Lucene search
K

20 matches found

Vulnrichment
Vulnrichment
added 2026/05/25 1:23 p.m.10 views

CVE-2026-9058 Improper Certificate Verification in Szafir SDK

Szafir SDK returns a success status code from the cryptographic digital signature verification process i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified" even when the trust status of the signer's certificate could not be established i.e...

9.3CVSS5.9AI score0.00307EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 7:43 a.m.12 views

MAL-2026-3694 Malicious code in mymaldependency (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38372ffa2ec19cee68f769508d95ffb4f5c1878aeae058ce3e7a33b947d06cf1 MyMalDependencypackage/init.py executes on every import: it calls os.uname and os.getcwd, writes the results to./trans.txt in the installer's working...

6AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.17 views

PT-2026-38404

Name of the Vulnerable Software and Affected Versions css parser versions prior to 1.22.0 css parser versions prior to 2.1.0 Description The software fails to validate HTTPS connections when loading stylesheets, which allows a Man-in-the-Middle MITM attacker to inject or modify CSS content. This...

5.8CVSS5.8AI score0.00146EPSS
Exploits0References7
OSV
OSV
added 2026/04/02 12:3 a.m.3 views

GHSA-GVRJ-CJCH-728P Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster

Impact Any Juju controller since 3.2.0. An attacker with only route-ability to the target juju controller Dqlite cluster endpoint may join the Dqlite cluster, read and modify all information, including escalating privileges, open firewall ports etc. This is due to not checking the client...

10CVSS5.9AI score0.00381EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/05 7:31 p.m.4 views

CVE-2025-40896

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...

6.5CVSS5.9AI score0.00111EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.11 views

Altium Designer security vulnerabilities

Altium Designer is an electronic design automation software developed by Altium Corporation in the United States. Version 24.9.0 of Altium Designer contains a security vulnerability. This vulnerability stems from unverified self-signed server certificates connected to the cloud, which may lead to...

5.3CVSS5.8AI score0.00174EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-6113

Malware in sbrugna...

5.9CVSS5.9AI score0.00501EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/08 12:0 a.m.5 views

PT-2025-28372 · Siemens · Sicam Toolbox Ii

Name of the Vulnerable Software and Affected Versions: SICAM TOOLBOX II versions prior to V07.11 Description: A issue has been identified in the application where it fails to check the extended key usage attribute of a device's certificate when establishing an HTTPS connection to the TLS server o...

8.1CVSS6.7AI score0.00173EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 8:58 p.m.5 views

CVE-2021-20108

Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified which allows any arbitrary user on the network to send commands over port 9000. While these commands may not be executed due to...

7.5CVSS7.2AI score0.02962EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:39 p.m.9 views

CVE-2020-5522

The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

7.4CVSS6.2AI score0.0052EPSS
Exploits0References1
OSV
OSV
added 2022/09/01 6:15 p.m.5 views

UBUNTU-CVE-2022-2996

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle MITM attacks...

7.4CVSS6.8AI score0.00508EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/09/01 6:15 p.m.4 views

CVE-2022-2996

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle MITM attacks...

7.4CVSS5.8AI score0.00508EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/04/22 8:30 p.m.18 views

CVE-2021-3898

Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker...

6.8CVSS6.8AI score0.0044EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/07/19 2:34 p.m.25 views

CVE-2021-20108

Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified which allows any arbitrary user on the network to send commands over port 9000. While these commands may not be executed due to...

7.9AI score0.02962EPSS
Exploits0References1
Prion
Prion
added 2020/01/27 10:15 a.m.16 views

Information disclosure

The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.8CVSS7AI score0.0052EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2014/10/19 10:55 a.m.12 views

Information disclosure

The Argus Leader Print Edition aka com.argusleader.android.prod application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS6.4AI score0.00266EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2014/10/19 10:0 a.m.29 views

CVE-2014-7345

The CVE-2014-7345 entry concerns the DIYChatroom Android app (package com.tapatalk.diychatroomcom) version 3.4.0. Affected component: SSL/TLS certificate verification is missing when validating server certificates, allowing a man-in-the-middle to spoof servers and reveal sensitive information via...

5.4CVSS6AI score0.00266EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2014/09/29 1:55 a.m.14 views

Information disclosure

The Campus Link - Campus TV HKUSU aka com.campus.tv.hkusu application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS6.4AI score0.00266EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2014/09/29 1:55 a.m.16 views

Information disclosure

The Math for Kids - Subtraction aka it.tinytap.attsa.deepsub application 1.2.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS6.4AI score0.00266EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2014/09/23 10:55 a.m.14 views

Cross site request forgery (csrf)

The Mahabharata Audiocast aka com.wordbox.mahabharataAudiocast application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS6.4AI score0.00271EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder