Total
1402 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-33031 | 1 Qnap | 1 File Station | 2026-06-17 | N/A | 8.8 HIGH |
| An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later | |||||
| CVE-2025-32878 | 1 Yftech | 2 Coros Pace 3, Coros Pace 3 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is mainly for downloading firmware files. Before downloading firmware files, the watch requests some information about the firmware via HTTPS from the back-end API. However, the X.509 server certificate within the TLS handshake is not validated by the device. This allows an attacker within an active machine-in-the-middle position, using a TLS proxy and a self-signed certificate, to eavesdrop and manipulate the HTTPS communication. This could be abused, for example, for stealing the API access token of the assigned user account. | |||||
| CVE-2025-32745 | 1 Dell | 3 Powerflex Appliance Intelligent Catalog, Powerflex Manager, Powerflex Rack | 2026-06-17 | N/A | 4.2 MEDIUM |
| Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering. | |||||
| CVE-2025-32407 | 1 Samsung | 1 Internet | 2026-06-17 | N/A | 5.9 MEDIUM |
| Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing for an attacker to impersonate any and all websites visited by the user. This is a critical misconfiguration in the way the browser validates the identity of the server. It negates the use of HTTPS as a secure channel, allowing for Man-in-the-Middle attacks, stealing sensitive information or modifying incoming and outgoing traffic. NOTE: This vulnerability is in an end-of-life product that is no longer maintained by the vendor. | |||||
| CVE-2025-32057 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate. First identified on Nissan Leaf ZE1 manufactured in 2020. | |||||
| CVE-2025-30669 | 1 Zoom | 3 Meeting Software Development Kit, Workplace Desktop, Workplace Virtual Desktop Infrastructure | 2026-06-17 | N/A | 4.8 MEDIUM |
| Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access. | |||||
| CVE-2025-30279 | 1 Qnap | 1 File Station | 2026-06-17 | N/A | 8.8 HIGH |
| An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later | |||||
| CVE-2025-30278 | 1 Qnap | 1 Qsync Central | 2026-06-17 | N/A | 8.8 HIGH |
| An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later | |||||
| CVE-2025-30277 | 1 Qnap | 1 Qsync Central | 2026-06-17 | N/A | 8.8 HIGH |
| An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later | |||||
| CVE-2025-30024 | 1 Axis | 1 Device Manager | 2026-06-17 | N/A | 6.8 MEDIUM |
| The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack. | |||||
| CVE-2025-30000 | 2026-06-17 | N/A | 6.7 MEDIUM | ||
| A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). The affected application does not properly restrict permissions of the users. This could allow a lowly-privileged attacker to escalate their privileges. | |||||
| CVE-2025-2183 | 2026-06-17 | N/A | N/A | ||
| An insufficient certificate validation issue in the Palo Alto Networks GlobalProtectâ„¢ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. | |||||
| CVE-2025-2028 | 1 Checkpoint | 1 Log Server | 2026-06-17 | N/A | 6.5 MEDIUM |
| Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs | |||||
| CVE-2025-29885 | 1 Qnap | 1 File Station | 2026-06-17 | N/A | 8.8 HIGH |
| An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later | |||||
| CVE-2025-29884 | 1 Qnap | 1 File Station | 2026-06-17 | N/A | 8.8 HIGH |
| An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later | |||||
| CVE-2025-29883 | 1 Qnap | 1 File Station | 2026-06-17 | N/A | 8.8 HIGH |
| An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later | |||||
| CVE-2025-29331 | 1 Mhsanaei | 1 3x-ui | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary code via the management script x-ui passes the no check certificate option to wget when downloading updates | |||||
| CVE-2025-28169 | 2026-06-17 | N/A | 8.1 HIGH | ||
| BYD QIN PLUS DM-i Dilink OS v3.0_13.1.7.2204050.1 to v3.0_13.1.7.2312290.1_0 was discovered to cend broadcasts to the manufacturer's cloud server unencrypted, allowing attackers to execute a man-in-the-middle attack. | |||||
| CVE-2025-27820 | 2 Apache, Netapp | 2 Httpclient, Ontap Tools | 2026-06-17 | N/A | 7.5 HIGH |
| A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release | |||||
| CVE-2025-27377 | 1 Altium | 1 Designer | 2026-06-17 | N/A | 5.3 MEDIUM |
| Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capable of performing a man-in-the-middle (MITM) attack could exploit this issue to intercept or manipulate network traffic, potentially exposing authentication credentials or sensitive design data. | |||||