Total: 1411 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32330 | 1 Ibm | 1 Security Verify Access | 2026-06-17 | N/A | 7.5 HIGH |
| IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977. | |||||
| CVE-2023-31580 | 1 Networknt | 1 Light-oauth2 | 2026-06-17 | N/A | 5.9 MEDIUM |
| light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token. | |||||
| CVE-2023-31486 | 2 Http\, Perl | 2 \, Perl | 2026-06-17 | N/A | 8.1 HIGH |
| HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. | |||||
| CVE-2023-31485 | 1 Gitlab\ | 1 \ | 2026-06-17 | N/A | 5.9 MEDIUM |
| GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks. | |||||
| CVE-2023-31484 | 2 Cpanpm Project, Perl | 2 Cpanpm, Perl | 2026-06-17 | N/A | 8.1 HIGH |
| CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. | |||||
| CVE-2023-31421 | 1 Elastic | 4 Apm Server, Elastic Agent, Elastic Beats and 1 more | 2026-06-17 | N/A | 5.9 MEDIUM |
| It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not compare that IP address against the server certificate's IP SAN values, so certificate validation does not fail and the connection is not blocked as expected. | |||||
| CVE-2023-31190 | 1 Bluemark | 2 Dronescout Ds230, Dronescout Ds230 Firmware | 2026-06-17 | N/A | 8.1 HIGH |
| DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper Authentication vulnerability during the firmware update procedure. Specifically, the firmware update procedure ignores and does not check the validity of the TLS certificate of the HTTPS endpoint from which the firmware update package (.tar.bz2 file) is downloaded. An attacker with the ability to put himself in a Man-in-the-Middle situation (e.g., DNS poisoning, ARP poisoning, control of a node on the route to the endpoint, etc.) can trick the DroneScout ds230 to install a crafted malicious firmware update containing arbitrary files (e.g., executable and configuration) and gain administrative (root) privileges on the underlying Linux operating system. This issue affects DroneScout ds230 firmware from version 20211210-1627 through 20230329-1042. | |||||
| CVE-2023-31151 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2026-06-17 | N/A | 4.7 MEDIUM |
| An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack. See SEL Service Bulletin dated 2022-11-15 for more details. | |||||
| CVE-2023-30729 | 1 Samsung | 1 Email | 2026-06-17 | N/A | 8.1 HIGH |
| Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows a remote attacker to intercept the network traffic, including sensitive information. | |||||
| CVE-2023-30517 | 1 Jenkins | 1 Neuvector Vulnerability Scanner | 2026-06-17 | N/A | 5.3 MEDIUM |
| Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server. | |||||
| CVE-2023-30516 | 1 Jenkins | 1 Image Tag Parameter | 2026-06-17 | N/A | 6.5 MEDIUM |
| Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by default. | |||||
| CVE-2023-30222 | 1 4d | 1 Server | 2026-06-17 | N/A | 7.5 HIGH |
| An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping. | |||||
| CVE-2023-2422 | 1 Redhat | 4 Enterprise Linux, Keycloak, Openshift Container Platform and 1 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client and therefore access data that belongs to other clients. | |||||
| CVE-2023-29501 | 1 Runsystem | 1 Jiyu Kukan Toku-toku Coupon | 2026-06-17 | N/A | 4.8 MEDIUM |
| Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verification. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. | |||||
| CVE-2023-29175 | 1 Fortinet | 2 Fortios, Fortiproxy | 2026-06-17 | N/A | 4.8 MEDIUM |
| An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the vulnerable device and the remote FortiGuard's map server. | |||||
| CVE-2023-29000 | 1 Nextcloud | 1 Desktop | 2026-06-17 | N/A | 5.4 MEDIUM |
| The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt files with a key known to the attacker. This issue is fixed in Nextcloud Desktop 3.7.0. No known workarounds are available. | |||||
| CVE-2023-28807 | 1 Zscaler | 1 Secure Internet And Saas Access | 2026-06-17 | N/A | 5.1 MEDIUM |
| In Zscaler Internet Access (ZIA) a mismatch between Connect Host and Client Hello's Server Name Indication (SNI) enables attackers to evade network security controls by hiding their communications within legitimate traffic. | |||||
| CVE-2023-28321 | 5 Apple, Debian, Fedoraproject and 2 more | 14 Macos, Debian Linux, Fedora and 11 more | 2026-06-17 | N/A | 5.9 MEDIUM |
| An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to punycode before being used for certificate checks. Punycode names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`. | |||||
| CVE-2023-28093 | 1 Pega | 1 Synchronization Engine | 2026-06-17 | N/A | 6.5 MEDIUM |
| A user with a compromised configuration can start an unsigned binary as a service. | |||||
| CVE-2023-27823 | 1 Optoma | 1 1080pstx | 2026-06-17 | N/A | 9.8 CRITICAL |
| An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials. | |||||
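Two of the name-matching flaws in this list, CVE-2023-31421 (an IP-address target is never compared with the certificate's IP SANs) and CVE-2023-28321 (a partial wildcard such as `x*` matching a punycode `xn--` label), come down to the same routine: comparing the name the client dialled against the certificate's subjectAltName. The Python below is an added example written for this page, not code from Elastic, curl or any other vendor listed here. The SAN lists are constructed to look like what `ssl.getpeercert()["subjectAltName"]` returns, and the `skip_ip_check` and `reject_idn_wildcard` switches exist only to reproduce each vulnerable behaviour beside the correct one.

```python
import ipaddress

# Constructed SAN lists in the shape of ssl.getpeercert()["subjectAltName"];
# made up for this example, not taken from any real certificate.
SAN_WILDCARD = (("DNS", "*.example.com"), ("DNS", "example.com"))
SAN_PARTIAL_WILDCARD = (("DNS", "x*.example.com"),)
SAN_WITH_IP = (("DNS", "fleet.example.internal"), ("IP Address", "10.0.0.5"))


def _is_ip(target: str) -> bool:
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False


def dns_pattern_matches(pattern: str, hostname: str, reject_idn_wildcard: bool = True) -> bool:
    """RFC 6125-style match of one DNS SAN pattern against an (A-label form) hostname.

    A '*' is only honoured in the leftmost label, the pattern must keep at least two
    literal labels (so '*.com' never matches), label counts must agree, and, when
    reject_idn_wildcard is set, a wildcard never matches a punycode label ('xn--').
    reject_idn_wildcard=False reproduces the curl < 8.1.0 behaviour (CVE-2023-28321).
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    if any("*" in lbl for lbl in p_labels[1:]) or p_labels[0].count("*") != 1:
        return False
    if p_labels[1:] != h_labels[1:]:
        return False
    head, tail = p_labels[0].split("*")
    first = h_labels[0]
    if reject_idn_wildcard and first.startswith("xn--"):
        return False
    return (len(first) >= len(head) + len(tail)
            and first.startswith(head) and first.endswith(tail))


def verify_peer_name(san, target: str, skip_ip_check: bool = False) -> bool:
    """Check a subjectAltName list against the name the client dialled.

    IP targets are compared only with 'IP Address' entries, after parsing, so
    '::1' and '0:0::1' compare equal; DNS targets only with 'DNS' entries.
    skip_ip_check=True reproduces CVE-2023-31421: an IP target is accepted
    without looking at the certificate's names at all.
    """
    if _is_ip(target):
        if skip_ip_check:
            return True
        want = ipaddress.ip_address(target)
        return any(kind == "IP Address" and ipaddress.ip_address(val) == want
                   for kind, val in san)
    return any(kind == "DNS" and dns_pattern_matches(val, target)
               for kind, val in san)


if __name__ == "__main__":
    # "bücher.example.com" in A-label form, as curl converts it before the check
    idn_host = "bücher.example.com".encode("idna").decode("ascii")
    print(idn_host)  # xn--bcher-kva.example.com
    print(dns_pattern_matches("x*.example.com", idn_host, reject_idn_wildcard=False))  # True: curl < 8.1.0
    print(dns_pattern_matches("x*.example.com", idn_host))                             # False: fixed
    print(verify_peer_name(SAN_WITH_IP, "10.0.0.6", skip_ip_check=True))               # True: Elastic flaw
    print(verify_peer_name(SAN_WITH_IP, "10.0.0.6"))                                   # False: fixed
```

In production code, leave name matching to the TLS library (`check_hostname=True` on an `ssl.SSLContext`, or the equivalent in the client library you use) rather than a hand-written matcher; the value of the block is seeing exactly which comparison each of the two CVEs skipped.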
