Total
1157 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40590 | 1 Fortinet | 1 Fortiportal | 2025-07-24 | N/A | 4.8 MEDIUM |
| AnĀ improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints. | |||||
| CVE-2025-36005 | 2025-07-24 | N/A | 5.9 MEDIUM | ||
| IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation. | |||||
| CVE-2021-1134 | 1 Cisco | 1 Catalyst Center | 2025-07-23 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when establishing a connection between DNA Center and an ISE server. An attacker could exploit this vulnerability by supplying a crafted certificate and could then intercept communications between the ISE and DNA Center. A successful exploit could allow the attacker to view and alter sensitive information that the ISE maintains about clients that are connected to the network. | |||||
| CVE-2025-6032 | 2025-07-22 | N/A | 8.3 HIGH | ||
| A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack. | |||||
| CVE-2025-24471 | 1 Fortinet | 2 Fortios, Fortisase | 2025-07-22 | N/A | 6.5 MEDIUM |
| AnĀ Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate. | |||||
| CVE-2025-20126 | 2 Apple, Cisco | 3 Macos, Roomos, Thousandeyes Endpoint Agent | 2025-07-22 | N/A | 4.8 MEDIUM |
| A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate certificates for hosted metrics services. An on-path attacker could exploit this vulnerability by intercepting network traffic using a crafted certificate. A successful exploit could allow the attacker to masquerade as a trusted host and monitor or change communications between the remote metrics service and the vulnerable client. | |||||
| CVE-2025-7395 | 2025-07-22 | N/A | N/A | ||
| A certificate verification error in wolfSSL when building with the WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION options results in the wolfSSL client failing to properly verify the server certificate's domain name, allowing any certificate issued by a trusted CA to be accepted regardless of the hostname. | |||||
| CVE-2025-7095 | 1 Comodo | 1 Internet Security | 2025-07-18 | 2.6 LOW | 3.7 LOW |
| A vulnerability classified as critical has been found in Comodo Internet Security Premium 12.3.4.8162. This affects an unknown part of the component Update Handler. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-27820 | 2 Apache, Netapp | 2 Httpclient, Ontap Tools | 2025-07-16 | N/A | 7.5 HIGH |
| A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release | |||||
| CVE-2023-33861 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-07-15 | N/A | 6.5 MEDIUM |
| IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering with the communication path between the host and client. | |||||
| CVE-2024-45641 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-07-15 | N/A | 6.5 MEDIUM |
| IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauthorized actions due to improper SSL certificate validation. | |||||
| CVE-2025-48802 | 1 Microsoft | 4 Windows 11 22h2, Windows 11 23h2, Windows Server 2022 and 1 more | 2025-07-15 | N/A | 6.5 MEDIUM |
| Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network. | |||||
| CVE-2025-46788 | 2025-07-15 | N/A | 7.4 HIGH | ||
| Improper certificate validation in Zoom Workplace for Linux before version 6.4.13 may allow an unauthorized user to conduct an information disclosure via network access. | |||||
| CVE-2025-30024 | 2025-07-15 | N/A | 6.8 MEDIUM | ||
| The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack. | |||||
| CVE-2025-6433 | 1 Mozilla | 1 Firefox | 2025-07-14 | N/A | 9.8 CRITICAL |
| If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This vulnerability affects Firefox < 140 and Thunderbird < 140. | |||||
| CVE-2025-52919 | 2025-07-10 | N/A | 4.3 MEDIUM | ||
| In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded. | |||||
| CVE-2024-29733 | 1 Apache | 1 Apache-airflow-providers-ftp | 2025-07-10 | N/A | 2.7 LOW |
| Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing context=ssl.create_default_context() during FTP_TLS instantiation is used as mitigation to validate the certificates properly. This issue affects Apache Airflow FTP Provider: before 3.7.0. Users are recommended to upgrade to version 3.7.0, which fixes the issue. | |||||
| CVE-2025-29331 | 1 Mhsanaei | 1 3x-ui | 2025-07-10 | N/A | 9.8 CRITICAL |
| An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary code via the management script x-ui passes the no check certificate option to wget when downloading updates | |||||
| CVE-2025-32989 | 2025-07-10 | N/A | 5.3 MEDIUM | ||
| A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly. | |||||
| CVE-2025-35983 | 2025-07-10 | N/A | 6.5 MEDIUM | ||
| Improper Certificate Validation (CWE-295) in the Controller 7000 OneLink implementation could allow an unprivileged attacker to perform a limited denial of service or perform privileged overrides during the initial configuration of the Controller, there is no risk for Controllers once they are connected. This issue affects Controller 7000: 9.30 prior to vCR9.30.250624a (distributed in 9.30.1871 (MR1)). | |||||