Total
1402 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26478 | 1 Dell | 2 Elastic Cloud Storage, Objectscale | 2026-06-17 | N/A | 3.1 LOW |
| Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure. | |||||
| CVE-2025-24471 | 1 Fortinet | 2 Fortios, Fortisase | 2026-06-17 | N/A | 6.5 MEDIUM |
| An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate. | |||||
| CVE-2025-23118 | 2026-06-17 | N/A | 6.4 MEDIUM | ||
| An Improper Certificate Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system. | |||||
| CVE-2025-23114 | 2026-06-17 | N/A | 9.0 CRITICAL | ||
| A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate. | |||||
| CVE-2025-23091 | 2026-06-17 | N/A | 5.9 MEDIUM | ||
| An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update. | |||||
| CVE-2025-22486 | 1 Qnap | 1 File Station | 2026-06-17 | N/A | 8.8 HIGH |
| An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later | |||||
| CVE-2025-22459 | 1 Ivanti | 1 Endpoint Manager | 2026-06-17 | N/A | 4.8 MEDIUM |
| Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers. | |||||
| CVE-2025-20670 | 1 Mediatek | 46 Mt2737, Mt6813, Mt6835 and 43 more | 2026-06-17 | N/A | 5.7 MEDIUM |
| In Modem, there is a possible permission bypass due to improper certificate validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with User execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01334347; Issue ID: MSV-2772. | |||||
| CVE-2025-20215 | 2026-06-17 | N/A | 5.4 MEDIUM | ||
| A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended targeted user, provided the requisite conditions were satisfied. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed. This vulnerability existed due to client certificate validation issues. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by monitoring local wireless or adjacent networks for client-join requests and attempting to interrupt and complete the meeting-join flow as another user who was currently joining a meeting. To successfully exploit the vulnerability, an attacker would need the capability to position themselves in a local wireless or adjacent network, to monitor and intercept the targeted network traffic flows, and to satisfy timing requirements in order to interrupt the meeting-join flow and exploit the vulnerability. A successful exploit could have allowed the attacker to join the meeting as another user. However, the Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory. | |||||
| CVE-2025-20157 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2026-06-17 | N/A | 5.9 MEDIUM |
| A vulnerability in certificate validation processing of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper validation of certificates that are used by the Smart Licensing feature. An attacker with a privileged network position could exploit this vulnerability by intercepting traffic that is sent over the Internet. A successful exploit could allow the attacker to gain access to sensitive information, including credentials used by the device to connect to Cisco cloud services. | |||||
| CVE-2025-20126 | 2 Apple, Cisco | 3 Macos, Roomos, Thousandeyes Endpoint Agent | 2026-06-17 | N/A | 4.8 MEDIUM |
| A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate certificates for hosted metrics services. An on-path attacker could exploit this vulnerability by intercepting network traffic using a crafted certificate. A successful exploit could allow the attacker to masquerade as a trusted host and monitor or change communications between the remote metrics service and the vulnerable client. | |||||
| CVE-2025-1193 | 1 Devolutions | 1 Remote Desktop Manager | 2026-06-17 | N/A | 8.1 HIGH |
| Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack by presenting a certificate for a different host. | |||||
| CVE-2025-1014 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 8.8 HIGH |
| Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135. | |||||
| CVE-2025-1002 | 1 Microdicom | 1 Dicom Viewer | 2026-06-17 | N/A | 5.7 MEDIUM |
| MicroDicom DICOM Viewer version 2024.03 fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack. This allows the attackers to modify the server's response and deliver a malicious update to the user. | |||||
| CVE-2025-1001 | 2026-06-17 | N/A | 5.7 MEDIUM | ||
| Medixant RadiAnt DICOM Viewer is vulnerable due to failure of the update mechanism to verify the update server's certificate which could allow an attacker to alter network traffic and carry out a machine-in-the-middle attack (MITM). An attacker could modify the server's response and deliver a malicious update to the user. | |||||
| CVE-2025-15612 | 1 Wazuh | 1 Wazuh | 2026-06-17 | N/A | 4.8 MEDIUM |
| Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies or code during the build process, leading to remote code execution and supply chain compromise. | |||||
| CVE-2025-15573 | 2026-06-17 | N/A | 9.4 CRITICAL | ||
| The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices. | |||||
| CVE-2025-15557 | 1 Tp-link | 4 Tapo H100, Tapo H100 Firmware, Tapo P100 and 1 more | 2026-06-17 | N/A | 8.8 HIGH |
| An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication, enabling manipulation of device data or operations. | |||||
| CVE-2025-15323 | 1 Tanium | 1 Tanos | 2026-06-17 | N/A | 3.7 LOW |
| Tanium addressed an improper certificate validation vulnerability in Tanium Appliance. | |||||
| CVE-2025-14819 | 1 Haxx | 1 Curl | 2026-06-17 | N/A | 5.3 MEDIUM |
| When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not. | |||||