Total
1325 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-64685 | 1 Jetbrains | 1 Youtrack | 2025-11-21 | N/A | 8.1 HIGH |
| In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure | |||||
| CVE-2025-12765 | 1 Pgadmin | 1 Pgadmin 4 | 2025-11-19 | N/A | 7.5 HIGH |
| pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification. | |||||
| CVE-2024-10444 | 1 Synology | 1 Diskstation Manager | 2025-11-17 | N/A | 7.5 HIGH |
| Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2024-10445 | 1 Synology | 2 Beestation Os, Diskstation Manager | 2025-11-17 | N/A | 4.3 MEDIUM |
| Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to write limited files via unspecified vectors. | |||||
| CVE-2024-6219 | 1 Canonical | 1 Lxd | 2025-11-13 | N/A | 3.8 LOW |
| Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured. | |||||
| CVE-2023-41991 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-05 | N/A | 5.5 MEDIUM |
| A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. | |||||
| CVE-2024-35140 | 1 Ibm | 1 Security Verify Access Docker | 2025-11-03 | N/A | 7.7 HIGH |
| IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. IBM X-Force ID: 292416. | |||||
| CVE-2024-31872 | 1 Ibm | 1 Security Verify Access | 2025-11-03 | N/A | 7.5 HIGH |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316. | |||||
| CVE-2024-31871 | 1 Ibm | 1 Security Verify Access | 2025-11-03 | N/A | 7.5 HIGH |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306. | |||||
| CVE-2024-25053 | 1 Ibm | 1 Cognos Analytics | 2025-11-03 | N/A | 5.9 MEDIUM |
| IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between IBM Planning Analytics server and IBM Cognos Analytics server. IBM X-Force ID: 283364. | |||||
| CVE-2023-43017 | 1 Ibm | 1 Security Verify Access | 2025-11-03 | N/A | 8.2 HIGH |
| IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155. | |||||
| CVE-2023-32330 | 1 Ibm | 1 Security Verify Access | 2025-11-03 | N/A | 7.5 HIGH |
| IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977. | |||||
| CVE-2023-31484 | 2 Cpanpm Project, Perl | 2 Cpanpm, Perl | 2025-11-03 | N/A | 8.1 HIGH |
| CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. | |||||
| CVE-2021-37698 | 2 Debian, Icinga | 2 Debian Linux, Icinga | 2025-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the server's certificate despite a certificate authority being specified. Icinga 2 instances which connect to any of the mentioned time series databases (TSDBs) using TLS over a spoofable infrastructure should immediately upgrade to version 2.13.1, 2.12.6, or 2.11.11 to patch the issue. Such instances should also change the credentials (if any) used by the TSDB writer feature to authenticate against the TSDB. There are no workarounds aside from upgrading. | |||||
| CVE-2024-45234 | 1 Nicmx | 1 Fort-validator | 2025-11-03 | N/A | 7.5 HIGH |
| An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics when faced with data not encoded in DER. Because Fort is an RPKI Relying Party, a panic can lead to Route Origin Validation unavailability, which can lead to compromised routing. | |||||
| CVE-2021-3935 | 4 Debian, Fedoraproject, Pgbouncer and 1 more | 4 Debian Linux, Fedora, Pgbouncer and 1 more | 2025-11-03 | 5.1 MEDIUM | 8.1 HIGH |
| When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1. | |||||
| CVE-2022-39334 | 1 Nextcloud | 1 Desktop | 2025-11-03 | N/A | 3.9 LOW |
| Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of nextcloudcmd prior to 3.6.1 would incorrectly trust invalid TLS certificates, which may enable a Man-in-the-middle attack that exposes sensitive data or credentials to a network attacker. This affects the CLI only. It does not affect the standard GUI desktop Nextcloud clients, and it does not affect the Nextcloud server. | |||||
| CVE-2025-11633 | 1 Furbo | 4 Furbo 360 Dog Camera, Furbo 360 Dog Camera Firmware, Furbo Mini and 1 more | 2025-10-30 | 2.6 LOW | 3.7 LOW |
| A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is the function upload_file_to_s3 of the file collect_logs.sh of the component HTTP Traffic Handler. The manipulation leads to improper certificate validation. The attack may be initiated remotely. The attack is considered to have high complexity. The exploitation is known to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-26923 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-30 | 9.0 HIGH | 8.8 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2024-30134 | 1 Hcltech | 1 Traveler For Microsoft Outlook | 2025-10-30 | N/A | 6.7 MEDIUM |
| The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application. | |||||