An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information
An issue pertaining to CWE-352: Cross-Site Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in Ayms node-To master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in
An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in jxcore jxm master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in H
When tlsInsecure=False appears in a connection string, certificate validation is disabled.
This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5
Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because of how OpenSSL verification results are ha
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in t
An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the default setting), the SSL/TLS used to establish connections to external services is done without proper hos
Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery.
A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some ad
I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php
A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) thru 8.1. This flaw stems from a defect
Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertantly allow access to an unintended client rather than failing au
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site Request Forgery (CSRF) attacks. This vulnerability
An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen.
An improper certificate validation vulnerability was reported in LADM that could allow a network attacker with the ability to redirect an update request to a remote server and execute code with elevat
Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.
Page 1+ Next →