Total: 1411 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51837 | 1 Meshcentral | 1 Meshcentral | 2026-06-17 | N/A | 9.8 CRITICAL |
| Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation. | |||||
| CVE-2023-51662 | 1 Snowflake | 1 Snowflake Connector | 2026-06-17 | N/A | 6.0 MEDIUM |
| The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5. | |||||
| CVE-2023-51634 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19589. | |||||
| CVE-2023-50949 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2026-06-17 | N/A | 5.9 MEDIUM |
| IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706. | |||||
| CVE-2023-50454 | 1 Zammad | 1 Zammad | 2026-06-17 | N/A | 5.9 MEDIUM |
| An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers. | |||||
| CVE-2023-50356 | 1 Areal-topkapi | 1 Vision Server | 2026-06-17 | N/A | 6.5 MEDIUM |
| SSL connections to some LDAP servers are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision (Server). This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from logging in. | |||||
| CVE-2023-50315 | 1 Ibm | 1 Websphere Application Server | 2026-06-17 | N/A | 5.3 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274714. | |||||
| CVE-2023-50314 | 1 Ibm | 1 Websphere Application Server | 2026-06-17 | N/A | 5.3 MEDIUM |
| IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713. | |||||
| CVE-2023-50179 | 1 Fortinet | 1 Fortiadc | 2026-06-17 | N/A | 4.8 MEDIUM |
| An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and public SDN connectors. | |||||
| CVE-2023-50178 | 1 Fortinet | 1 Fortiadc | 2026-06-17 | N/A | 7.4 HIGH |
| An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud. | |||||
| CVE-2023-4801 | 1 Proofpoint | 1 Insider Threat Management | 2026-06-17 | N/A | 7.5 HIGH |
| An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to 7.14.3.69 are affected. Agents for Windows, Linux, and Cloud are unaffected. | |||||
| CVE-2023-4586 | 2 Infinispan, Redhat | 2 Hot Rod, Data Grid | 2026-06-17 | N/A | 7.4 HIGH |
| A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack. | |||||
| CVE-2023-4499 | 1 Hp | 20 Elite Mt645, Mt21, Mt22 and 17 more | 2026-06-17 | N/A | 7.5 HIGH |
| A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability. | |||||
| CVE-2023-49570 | 1 Bitdefender | 1 Total Security | 2026-06-17 | N/A | 7.4 HIGH |
| A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in the certificate indicates that it is meant to be an "End Entity". This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website. | |||||
| CVE-2023-49567 | 1 Bitdefender | 1 Total Security | 2026-06-17 | N/A | 6.8 MEDIUM |
| A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5 and SHA1 collision hash functions which allow attackers to create rogue certificates that appear legitimate. | |||||
| CVE-2023-49312 | 1 Precisionbridge | 1 Precision Bridge | 2026-06-17 | N/A | 9.1 CRITICAL |
| Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address. | |||||
| CVE-2023-49250 | 1 Apache | 1 Dolphinscheduler | 2026-06-17 | N/A | 7.3 HIGH |
| Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which fixes the issue. | |||||
| CVE-2023-49247 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-17 | N/A | 7.5 HIGH |
| Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-48785 | 1 Fortinet | 1 Fortinac-f | 2026-06-17 | N/A | 4.8 MEDIUM |
| An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F. | |||||
| CVE-2023-48427 | 1 Siemens | 1 Sinec Ins | 2026-06-17 | N/A | 8.1 HIGH |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges. | |||||
