Fallos del tipo CWE-297
52 resultadosCVE-2022-48308MEDIUMIt was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactoryEPSS 0.2%CVE-2026-26214CRITICALXiaomi Galaxy FDS Android SDK <= 3.0.8 TLS Hostname Verification Disabled Enables MITMEPSS 0.2%CVE-2026-35563HIGHApache Directory LDAP API: LDAP client implementation does not verify if the server certificate matches the intended LDAP hostnameEPSS 0.2%CVE-2024-7346HIGHClient connections using default TLS certificates from OpenEdge may bypass TLS host name validationEPSS 0.2%CVE-2025-42921MEDIUMIn JetBrains Toolbox App before 2.6 host key verification was missing in SSH pluginEPSS 0.2%CVE-2024-12925HIGHHost Header Injection in Akinsoft's QR MenuEPSS 0.1%CVE-2024-54019MEDIUMA improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 EPSS 0.1%CVE-2026-44467HIGHClaude Desktop: SSH Host Key Verification Bypass Allows Man-in-the-Middle Attack on Remote SessionsEPSS 0.1%CVE-2026-44393HIGHAn issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname vEPSS 0.1%CVE-2026-12162MEDIUMImproper host validation in the social login autofill feature in
Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to
disclosEPSS 0.1%CVE-2025-25253MEDIUMAn Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and beEPSS 0.1%CVE-2025-4295MEDIUMHost Header Injection in HotelRunner's B2BEPSS 0.1%