Monthly
OpenList versions prior to 4.1.10 disable TLS certificate verification by default in storage driver communications, enabling man-in-the-middle attacks where network-positioned attackers can intercept, decrypt, and manipulate all data exchanges with storage backends. This misconfiguration affects any deployment relying on OpenList Frontend's default settings and can be exploited via ARP spoofing, rogue access points, or compromised network infrastructure to redirect traffic to attacker-controlled servers. A patch is available in version 4.1.10 and later.
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certificate Validation in the update component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
OpenList versions prior to 4.1.10 disable TLS certificate verification by default in storage driver communications, enabling man-in-the-middle attacks where network-positioned attackers can intercept, decrypt, and manipulate all data exchanges with storage backends. This misconfiguration affects any deployment relying on OpenList Frontend's default settings and can be exploited via ARP spoofing, rogue access points, or compromised network infrastructure to redirect traffic to attacker-controlled servers. A patch is available in version 4.1.10 and later.
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certificate Validation in the update component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.