Lucene search
K

8 matches found

Cvelist
Cvelist
added 2026/06/04 1:51 a.m.40 views

CVE-2026-41859

A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials Basic auth header or UAA client secret and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director access...

7.8CVSS0.00098EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 1:51 a.m.8 views

CVE-2026-41859

A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials Basic auth header or UAA client secret and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director access...

7.8CVSS5.8AI score0.00098EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 1:40 a.m.9 views

CVE-2026-41860

CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelpercreateasyncendpoint and sendhttpgetrequestsynchronous hard-code OpenSSL::SSL::VERIFYNONE, enabling an attacker to intercept traffic between bosh-monitor and the BOSH...

8.8CVSS5.8AI score0.00074EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/14 5:16 p.m.8 views

CVE-2026-44312

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

5.8CVSS5.8AI score0.00146EPSS
Exploits0References5
CVE
CVE
added 2026/05/14 4:15 p.m.18 views

CVE-2026-44312

CVE-2026-44312 affects the Ruby CSS Parser gem. Prior to 2.1.0 and 1.22.0, the library does not validate HTTPS connections (OpenSSL::SSL::VERIFY_NONE), allowing a MITM attacker to inject/modify CSS content when loading stylesheets over HTTPS. The issue is fixed in 2.1.0 and 1.22.0. Remediation: u...

5.8CVSS5.8AI score0.00146EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/14 4:15 p.m.10 views

CVE-2026-44312 css_parser allows to MITM included https css urls

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

5.8CVSS5.8AI score0.00146EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

Ruby CSS Parser 信任管理问题漏洞

Ruby CSS Parser is an open-source tool developed by premailer, used for loading, parsing, and cascading CSS rule sets. Versions of Ruby CSS Parser prior to 2.1.0 and 1.22.0 had a trust management vulnerability. This vulnerability stemmed from unvalidated HTTPS connections, where connections were...

5.8CVSS5.8AI score0.00146EPSS
Exploits0References1
OSV
OSV
added 2026/05/07 2:6 a.m.5 views

GHSA-FF6C-W6QF-7XQC CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content

Summary The CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning any HTTPS certificate—even entirely untrusted—will...

5.8CVSS5.8AI score0.00146EPSS
Exploits0References7
Rows per page
Query Builder