Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (4590 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2014-5990 1 Bookjam 1 Cookbible 2025-04-12 N/A
The cookbible (aka net.bookjam.cookbible) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5991 1 Skin Conditions And Diseases Project 1 Skin Conditions And Diseases 2025-04-12 N/A
The Skin Conditions and Diseases (aka com.appsgeyser.wSkinConditions) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5992 1 Successsecrets Project 1 Successsecrets 2025-04-12 N/A
The successsecrets (aka com.alek.successsecrets) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5995 1 Ericpol 1 Ewus Mobile 2025-04-12 N/A
The eWUS mobile (aka pl.dreryk.ewustest) application 1.4.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5996 1 Gebrauchtwagenreport 1 Dekra Used Car Report 2025-04-12 N/A
The DEKRA Used Car Report (aka com.dekra.maengelreport) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5997 1 Autotrader.co.za 1 Auto Trader 2025-04-12 N/A
The Auto Trader (aka za.co.autotrader.android.app) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5998 1 Skydrive Assistant Project 1 Skydrive Assistant 2025-04-12 N/A
The SkyDrive Assistant (aka com.dhh.sky) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6000 1 Freshdirect 1 Freshdirect 2025-04-12 N/A
The FreshDirect (aka com.freshdirect.android) application 2.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6001 1 Gewara 1 Gewara 2025-04-12 N/A
The gewara (aka com.gewara) application 5.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6002 1 Dteenergy 1 Dte Energy 2025-04-12 N/A
The DTE Energy (aka com.dteenergy.mydte) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6005 1 Survey.com 1 Survey.com Mobile 2025-04-12 N/A
The Survey.com Mobile (aka com.survey.android) application 3.2.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6006 1 Gratta \& Vinci\? Project 1 Gratta \& Vinci\? 2025-04-12 N/A
The Gratta & Vinci? (aka com.dreamstep.wGrattaevinci) application 0.21.13167.93474 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6013 1 Nuphoto 1 Nusquare 2025-04-12 N/A
The nuSquare (aka tw.com.nuphoto.nusquare) application 1.0.78 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6016 1 Celluloidapp 1 Celluloid 2025-04-12 N/A
The Celluloid (aka com.eurisko.celluloid) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6019 1 Psychology Project 1 Psychology 2025-04-12 N/A
The psychology (aka com.alek.psychology) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6021 1 H-dvisa 1 Harley-davidson Visa 2025-04-12 N/A
The Harley-Davidson Visa (aka com.usbank.icsmobile.harleydavidson) application 1.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6022 1 Versentbooks 1 Versent Books 2025-04-12 N/A
The Versent Books (aka com.versentbooks) application 1.1.99 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-8564 4 Canonical, Gnu, Opensuse and 1 more 8 Ubuntu Linux, Gnutls, Opensuse and 5 more 2025-04-12 N/A
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.
CVE-2014-9037 3 Debian, Mageia Project, Wordpress 3 Debian Linux, Mageia, Wordpress 2025-04-12 N/A
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
CVE-2014-9596 1 Panasonic 4 Arbitrator Back-end Server Mk 2.0 Vpu, Arbitrator Back-end Server Mk 2.0 Vpu Firmware, Arbitrator Back-end Server Mk 3.0 Vpu and 1 more 2025-04-12 N/A
Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information.