Search Vulnerabilities

AlmaLinux 10AlmaLinux 8AlmaLinux 9

Claude Desktop: SSH Host Key Verification Bypass Allows Man-in-the-Middle Attack on Remote Sessions

+28

Fix available

May 13, 2026

CVE-2026-43869

Apache Thrift: TSSLTransportFactory.java hostname verification

May 5, 2026

CVE-2026-41603

Apache Thrift: Java TSSLTransportFactory hostname verification

Apr 28, 2026

CVE-2026-34477

Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass

Apr 10, 2026

CVE-2025-59060

Apache Ranger: Hostname verification bypass in NiFiRegistryClient and NifiClient

Mar 3, 2026

CVE-2026-26214

Xiaomi Galaxy FDS Android SDK <= 3.0.8 TLS Hostname Verification Disabled Enables MITM

Feb 12, 2026

CVE-2025-68637

Apache Uniffle: Insecure SSL Configuration in Uniffle HTTP Client

Jan 7, 2026

CVE-2025-68161

Apache Log4j Core: Missing TLS hostname verification in Socket appender

Dec 18, 2025

CVE-2025-25253

An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7

FortiOS

Oct 14, 2025

CVE-2024-12925

Host Header Injection in Akinsoft's QR Menu

Sep 1, 2025

CVE-2025-4295

Host Header Injection in HotelRunner's B2B

Jul 22, 2025

CVE-2024-54019

A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7

Windows

Jun 10, 2025

CVE-2025-3501

Org.keycloak.protocol.services: keycloak hostname verification

Apr 29, 2025

CVE-2025-42921

In JetBrains Toolbox App before 2

Apr 17, 2025

CVE-2025-2190

The mobile application (com

Mar 11, 2025

CVE-2024-49782

IBM OpenPages improper certificate validation

Feb 20, 2025

CVE-2024-38324

IBM Storage Defender improper certificate validation

Sep 24, 2024

CVE-2024-7346

Client connections using default TLS certificates from OpenEdge may bypass TLS host name validation

Sep 3, 2024

CVE-2024-8285

Kroxylicious: missing upstream kafka tls hostname verification

Aug 30, 2024

CVE-2024-2462

Allow attackers to intercept or falsify data exchanges between the client and the server

Jun 11, 2024

Showing 1 - 20 of 1,000+ results

...

Searching...

Filters

1,000+ results

CVE-2026-44467

AlmaLinux 10AlmaLinux 8AlmaLinux 9

Claude Desktop: SSH Host Key Verification Bypass Allows Man-in-the-Middle Attack on Remote Sessions

+28

Fix available

May 13, 2026

CVE-2026-43869

Apache Thrift: TSSLTransportFactory.java hostname verification

May 5, 2026

CVE-2026-41603

Apache Thrift: Java TSSLTransportFactory hostname verification

Apr 28, 2026

CVE-2026-34477

Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass

Apr 10, 2026

CVE-2025-59060

Apache Ranger: Hostname verification bypass in NiFiRegistryClient and NifiClient

Mar 3, 2026

CVE-2026-26214

Xiaomi Galaxy FDS Android SDK <= 3.0.8 TLS Hostname Verification Disabled Enables MITM

Feb 12, 2026

CVE-2025-68637

Apache Uniffle: Insecure SSL Configuration in Uniffle HTTP Client

Jan 7, 2026

CVE-2025-68161

Apache Log4j Core: Missing TLS hostname verification in Socket appender

Dec 18, 2025

CVE-2025-25253

An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7

FortiOS

Oct 14, 2025

CVE-2024-12925

Host Header Injection in Akinsoft's QR Menu

Sep 1, 2025

CVE-2025-4295

Host Header Injection in HotelRunner's B2B

Jul 22, 2025

CVE-2024-54019

A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7

Windows

Jun 10, 2025

CVE-2025-3501

Org.keycloak.protocol.services: keycloak hostname verification

Apr 29, 2025

CVE-2025-42921

In JetBrains Toolbox App before 2

Apr 17, 2025

CVE-2025-2190

The mobile application (com

Mar 11, 2025

CVE-2024-49782

IBM OpenPages improper certificate validation

Feb 20, 2025

CVE-2024-38324

IBM Storage Defender improper certificate validation

Sep 24, 2024

CVE-2024-7346

Client connections using default TLS certificates from OpenEdge may bypass TLS host name validation

Sep 3, 2024

CVE-2024-8285

Kroxylicious: missing upstream kafka tls hostname verification

Aug 30, 2024

CVE-2024-2462