Total: 1402 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-58125 | 1 Pawelko | 1 Freebox V6 Agent | 2026-06-17 | N/A | 4.8 MEDIUM |
| Improper Certificate Validation in Checkmk Exchange plugin Freebox v6 agent allows attackers in MitM position to intercept traffic. | |||||
| CVE-2025-58124 | 1 Heinlein-support | 1 Check Mk Python Api | 2026-06-17 | N/A | 4.8 MEDIUM |
| Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic. | |||||
| CVE-2025-58123 | 1 Oetiker | 1 Bgp Monitoring | 2026-06-17 | N/A | 4.8 MEDIUM |
| Improper Certificate Validation in Checkmk Exchange plugin BGP Monitoring allows attackers in MitM position to intercept traffic. | |||||
| CVE-2025-56231 | 1 Tonec | 1 Internet Download Manager | 2026-06-17 | N/A | 9.1 CRITICAL |
| Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate Validation, which allows attackers to bypass update protections. | |||||
| CVE-2025-55109 | 1 Bmc | 1 Control-m/agent | 2026-06-17 | N/A | 9.0 CRITICAL |
| An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS#12 keystore. A remote attacker with access to a signed third-party or demo certificate for client authentication can bypass the need for a certificate signed by the certificate authority of the organization during authentication on the Control-M/Agent. The Control-M/Agent contains hardcoded certificates which are only trusted as fallback if an empty kdb keystore is used; they are never trusted if a PKCS#12 keystore is used. All of these certificates are now expired. In addition, the Control-M/Agent default kdb and PKCS#12 keystores contain trusted third-party certificates (external recognized CAs and default self-signed demo certificates) which are trusted for client authentication. | |||||
| CVE-2025-54809 | 1 F5 | 1 F5 Access | 2026-06-17 | N/A | 7.4 HIGH |
| F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2025-54607 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 7.7 HIGH |
| Authentication management vulnerability in the ArkWeb module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-54470 | | | 2026-06-17 | N/A | 8.6 HIGH |
| This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when transmitting anonymous cluster data to the telemetry server. As a result, the communication channel is susceptible to man-in-the-middle (MITM) attacks, where an attacker could intercept or modify the transmitted data. Additionally, NeuVector loads the response of the telemetry server into memory without size limitation, which makes it vulnerable to a Denial of Service (DoS) attack. | |||||
| CVE-2025-53869 | | | 2026-06-17 | N/A | 3.7 LOW |
| Multiple MFPs provided by Brother Industries, Ltd. do not properly validate server certificates, which may allow a man-in-the-middle attacker to replace the set of root certificates used by the product with a set of arbitrary certificates. | |||||
| CVE-2025-52919 | | | 2026-06-17 | N/A | 4.3 MEDIUM |
| In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded. | |||||
| CVE-2025-52598 | 1 Hanwhavision | 512 Knb-2000, Knb-2000 Firmware, Knb-5000n and 509 more | 2026-06-17 | N/A | 3.7 LOW |
| Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw that camera's client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | |||||
| CVE-2025-50944 | 1 Avtech | 1 Eagleeyes(lite) | 2026-06-17 | N/A | 8.8 HIGH |
| An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation. | |||||
| CVE-2025-4947 | 1 Haxx | 1 Curl | 2026-06-17 | N/A | 6.5 MEDIUM |
| libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks. | |||||
| CVE-2025-4575 | 1 Openssl | 1 Openssl | 2026-06-17 | N/A | 6.5 MEDIUM |
| Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use. A copy & paste error during minor refactoring of the code introduced this issue in the OpenSSL 3.5 version. If, for example, a trusted CA certificate should be trusted only for the purpose of authenticating TLS servers but not for CMS signature verification and the CMS signature verification is intended to be marked as rejected with the -addreject option, the resulting CA certificate will be trusted for CMS signature verification purpose instead. Only users which use the trusted certificate format who use the openssl x509 command line application to add rejected uses are affected by this issue. The issues affecting only the command line application are considered to be Low severity. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 3.4, 3.3, 3.2, 3.1, 3.0, 1.1.1 and 1.0.2 are also not affected by this issue. | |||||
| CVE-2025-48802 | 1 Microsoft | 4 Windows 11 22h2, Windows 11 23h2, Windows Server 2022 and 1 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network. | |||||
| CVE-2025-48393 | | | 2026-06-17 | N/A | 5.7 MEDIUM |
| The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton G4 PDU which is available on the Eaton download center. | |||||
| CVE-2025-46788 | 1 Zoom | 1 Workplace Desktop | 2026-06-17 | N/A | 7.4 HIGH |
| Improper certificate validation in Zoom Workplace for Linux before version 6.4.13 may allow an unauthorized user to conduct an information disclosure via network access. | |||||
| CVE-2025-46551 | 1 Jruby | 2 Jruby, Jruby-openssl | 2026-06-17 | N/A | 3.7 LOW |
| JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 (corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1), when verifying SSL certificates, JRuby-OpenSSL does not verify that the hostname presented in the certificate matches the one the user tries to connect to. This means a man-in-the-middle could just present any valid cert for a completely different domain they own, and JRuby would accept the cert. Anybody using JRuby to make requests of external APIs, or scraping the web, that depends on https to connect securely. JRuby-OpenSSL version 0.15.4 contains a fix for the issue. This fix is included in JRuby versions 10.0.0.1 and 9.4.12.1. | |||||
| CVE-2025-46070 | 1 Automai | 1 Botmanager | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the BotManager.exe component | |||||
| CVE-2025-44964 | 1 Bluestacks | 1 Bluestacks | 2026-06-17 | N/A | 3.9 LOW |
| A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-in-the-middle attack and obtain sensitive information. | |||||
