Total
1042 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-33142 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-08-18 | N/A | 7.5 HIGH |
| IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections. | |||||
| CVE-2023-38009 | 3 Apple, Google, Ibm | 3 Iphone Os, Android, Cognos Analytics | 2025-08-18 | N/A | 5.9 MEDIUM |
| IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning. | |||||
| CVE-2025-54809 | 2025-08-13 | N/A | N/A | ||
| F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2025-8476 | 1 Alpsalpine | 2 Ilx-507, Ilx-507 Firmware | 2025-08-12 | N/A | 8.0 HIGH |
| Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TIDAL music streaming application. The issue results from improper certificate validation. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-26322. | |||||
| CVE-2025-8393 | 2025-08-08 | N/A | N/A | ||
| A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in man-in-the-middle attacks on untrusted networks. Captured communications may include user credentials and sensitive session tokens. | |||||
| CVE-2024-47119 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-08-08 | N/A | 7.5 HIGH |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. | |||||
| CVE-2025-20215 | 2025-08-06 | N/A | 5.4 MEDIUM | ||
| A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended targeted user, provided the requisite conditions were satisfied. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed. This vulnerability existed due to client certificate validation issues. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by monitoring local wireless or adjacent networks for client-join requests and attempting to interrupt and complete the meeting-join flow as another user who was currently joining a meeting. To successfully exploit the vulnerability, an attacker would need the capability to position themselves in a local wireless or adjacent network, to monitor and intercept the targeted network traffic flows, and to satisfy timing requirements in order to interrupt the meeting-join flow and exploit the vulnerability. A successful exploit could have allowed the attacker to join the meeting as another user. However, the Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory. | |||||
| CVE-2025-20157 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2025-08-04 | N/A | 5.9 MEDIUM |
| A vulnerability in certificate validation processing of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper validation of certificates that are used by the Smart Licensing feature. An attacker with a privileged network position could exploit this vulnerability by intercepting traffic that is sent over the Internet. A successful exploit could allow the attacker to gain access to sensitive information, including credentials used by the device to connect to Cisco cloud services. | |||||
| CVE-2025-26478 | 1 Dell | 2 Elastic Cloud Storage, Objectscale | 2025-08-01 | N/A | 6.5 MEDIUM |
| Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure. | |||||
| CVE-2024-2379 | 3 Apple, Haxx, Netapp | 20 Macos, Curl, Active Iq Unified Manager and 17 more | 2025-07-30 | N/A | N/A |
| libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems. | |||||
| CVE-2025-5025 | 1 Haxx | 1 Curl | 2025-07-30 | N/A | N/A |
| libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing. | |||||
| CVE-2025-36005 | 2025-07-25 | N/A | 5.9 MEDIUM | ||
| IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation. | |||||
| CVE-2023-48785 | 1 Fortinet | 1 Fortinac-f | 2025-07-25 | N/A | 4.8 MEDIUM |
| An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F. | |||||
| CVE-2024-40590 | 1 Fortinet | 1 Fortiportal | 2025-07-24 | N/A | N/A |
| AnĀ improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints. | |||||
| CVE-2021-1134 | 1 Cisco | 1 Catalyst Center | 2025-07-23 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when establishing a connection between DNA Center and an ISE server. An attacker could exploit this vulnerability by supplying a crafted certificate and could then intercept communications between the ISE and DNA Center. A successful exploit could allow the attacker to view and alter sensitive information that the ISE maintains about clients that are connected to the network. | |||||
| CVE-2025-24471 | 1 Fortinet | 2 Fortios, Fortisase | 2025-07-22 | N/A | N/A |
| AnĀ Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate. | |||||
| CVE-2025-7095 | 1 Comodo | 1 Internet Security | 2025-07-18 | N/A | 6.1 MEDIUM |
| A vulnerability classified as critical has been found in Comodo Internet Security Premium 12.3.4.8162. This affects an unknown part of the component Update Handler. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-33861 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-07-15 | N/A | 6.5 MEDIUM |
| IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering with the communication path between the host and client. | |||||
| CVE-2024-45641 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-07-15 | N/A | 6.5 MEDIUM |
| IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauthorized actions due to improper SSL certificate validation. | |||||
| CVE-2025-48802 | 1 Microsoft | 4 Windows 11 22h2, Windows 11 23h2, Windows Server 2022 and 1 more | 2025-07-15 | N/A | 6.5 MEDIUM |
| Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network. | |||||