Total
1208 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-64685 | 1 Jetbrains | 1 Youtrack | 2025-11-21 | N/A | 8.1 HIGH |
| In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure | |||||
| CVE-2025-12765 | 1 Pgadmin | 1 Pgadmin 4 | 2025-11-19 | N/A | 7.5 HIGH |
| pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification. | |||||
| CVE-2025-60022 | 2025-11-18 | N/A | 4.8 MEDIUM | ||
| Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10.00. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on and/or tamper with an encrypted communication. | |||||
| CVE-2025-65083 | 2025-11-18 | N/A | 3.2 LOW | ||
| GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy server. This can be problematic if the GoSign Desktop user selects an arbitrary proxy server without consideration of whether outbound HTTPS connections from the proxy server to Internet servers succeed even for untrusted or invalid server certificates. In this scenario (which is outside of the product's design objectives), integrity protection could be bypassed. In typical cases of a proxy server for outbound HTTPS traffic from an enterprise, those connections would not succeed. (Admittedly, the usual expectation is that a client application is configured to trust an enterprise CA and does not set SSL_VERIFY_NONE.) Also, it is of course unsafe to place ~/.gosign in the home directory of an untrusted user and then have other users execute downloaded files. | |||||
| CVE-2024-10444 | 1 Synology | 1 Diskstation Manager | 2025-11-17 | N/A | 7.5 HIGH |
| Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2024-10445 | 1 Synology | 2 Beestation Os, Diskstation Manager | 2025-11-17 | N/A | 4.3 MEDIUM |
| Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to write limited files via unspecified vectors. | |||||
| CVE-2025-12047 | 2025-11-14 | N/A | 5.3 MEDIUM | ||
| A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to disclose sensitive user files from the application. | |||||
| CVE-2025-10495 | 2025-11-14 | N/A | 7.5 HIGH | ||
| A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code. | |||||
| CVE-2025-30669 | 2025-11-14 | N/A | 4.8 MEDIUM | ||
| Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access. | |||||
| CVE-2024-6219 | 1 Canonical | 1 Lxd | 2025-11-13 | N/A | 3.8 LOW |
| Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured. | |||||
| CVE-2025-40744 | 2025-11-12 | N/A | 7.5 HIGH | ||
| A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Affected applications do not properly validate client certificates to connect to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks. | |||||
| CVE-2025-56231 | 2025-11-06 | N/A | 9.1 CRITICAL | ||
| Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate Validation, which allows attackers to bypass update protections. | |||||
| CVE-2023-41991 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-05 | N/A | 5.5 MEDIUM |
| A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. | |||||
| CVE-2025-9708 | 2025-11-04 | N/A | 6.8 MEDIUM | ||
| A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially intercept or manipulate communication with the Kubernetes API server, leading to possible man-in-the-middle attacks and API impersonation. | |||||
| CVE-2024-23273 | 1 Apple | 4 Ipad Os, Iphone Os, Macos and 1 more | 2025-11-04 | N/A | 4.3 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication. | |||||
| CVE-2019-20461 | 2025-11-04 | N/A | 9.8 CRITICAL | ||
| An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device uses a custom UDP protocol to start and control video and audio services. The protocol has been partially reverse engineered. Based upon the reverse engineering, no password or username is ever transferred over this protocol. Thus, one can set up the camera connection feed with only the encoded UID. It is possible to set up sessions with the camera over the Internet by using the encoded UID and the custom UDP protocol, because authentication happens at the client side. | |||||
| CVE-2025-0239 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-11-03 | N/A | 4.0 MEDIUM |
| When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. | |||||
| CVE-2024-35140 | 1 Ibm | 1 Security Verify Access Docker | 2025-11-03 | N/A | 7.7 HIGH |
| IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. IBM X-Force ID: 292416. | |||||
| CVE-2024-31872 | 1 Ibm | 1 Security Verify Access | 2025-11-03 | N/A | 7.5 HIGH |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316. | |||||
| CVE-2024-31871 | 1 Ibm | 1 Security Verify Access | 2025-11-03 | N/A | 7.5 HIGH |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306. | |||||