Total
1212 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-44964 | 1 Bluestacks | 1 Bluestacks | 2025-08-14 | N/A | 3.9 LOW |
| A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information. | |||||
| CVE-2025-6037 | 1 Hashicorp | 1 Vault | 2025-08-13 | N/A | 6.8 MEDIUM |
| Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate]. In this configuration, an attacker may be able to craft a malicious certificate that could be used to impersonate another user. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. | |||||
| CVE-2025-2183 | 2025-08-13 | N/A | N/A | ||
| An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. | |||||
| CVE-2025-8476 | 1 Alpsalpine | 2 Ilx-507, Ilx-507 Firmware | 2025-08-12 | N/A | 8.0 HIGH |
| Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TIDAL music streaming application. The issue results from improper certificate validation. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-26322. | |||||
| CVE-2025-8393 | 2025-08-08 | N/A | 7.3 HIGH | ||
| A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in man-in-the-middle attacks on untrusted networks. Captured communications may include user credentials and sensitive session tokens. | |||||
| CVE-2024-47119 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-08-08 | N/A | 5.9 MEDIUM |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. | |||||
| CVE-2023-35721 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2025-08-07 | N/A | 8.8 HIGH |
| NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the update functionality, which operates over HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19981. | |||||
| CVE-2025-48393 | 2025-08-06 | N/A | 5.7 MEDIUM | ||
| The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest version which is available on the Eaton download center. | |||||
| CVE-2025-20215 | 2025-08-06 | N/A | 5.4 MEDIUM | ||
| A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended targeted user, provided the requisite conditions were satisfied. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed. This vulnerability existed due to client certificate validation issues. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by monitoring local wireless or adjacent networks for client-join requests and attempting to interrupt and complete the meeting-join flow as another user who was currently joining a meeting. To successfully exploit the vulnerability, an attacker would need the capability to position themselves in a local wireless or adjacent network, to monitor and intercept the targeted network traffic flows, and to satisfy timing requirements in order to interrupt the meeting-join flow and exploit the vulnerability. A successful exploit could have allowed the attacker to join the meeting as another user. However, the Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory. | |||||
| CVE-2025-46788 | 1 Zoom | 1 Workplace Desktop | 2025-08-05 | N/A | 7.4 HIGH |
| Improper certificate validation in Zoom Workplace for Linux before version 6.4.13 may allow an unauthorized user to conduct an information disclosure via network access. | |||||
| CVE-2025-20157 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2025-08-04 | N/A | 5.9 MEDIUM |
| A vulnerability in certificate validation processing of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper validation of certificates that are used by the Smart Licensing feature. An attacker with a privileged network position could exploit this vulnerability by intercepting traffic that is sent over the Internet. A successful exploit could allow the attacker to gain access to sensitive information, including credentials used by the device to connect to Cisco cloud services. | |||||
| CVE-2025-26478 | 1 Dell | 2 Elastic Cloud Storage, Objectscale | 2025-08-01 | N/A | 3.1 LOW |
| Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure. | |||||
| CVE-2022-20814 | 1 Cisco | 1 Telepresence Video Communication Server | 2025-07-31 | N/A | 7.4 HIGH |
| A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic. Note: Cisco Expressway-E is not affected by this vulnerability.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2024-8096 | 3 Debian, Haxx, Netapp | 15 Debian Linux, Curl, Active Iq Unified Manager and 12 more | 2025-07-30 | N/A | 6.5 MEDIUM |
| When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate. | |||||
| CVE-2024-2379 | 3 Apple, Haxx, Netapp | 20 Macos, Curl, Active Iq Unified Manager and 17 more | 2025-07-30 | N/A | 6.3 MEDIUM |
| libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems. | |||||
| CVE-2025-5025 | 1 Haxx | 1 Curl | 2025-07-30 | N/A | 4.8 MEDIUM |
| libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing. | |||||
| CVE-2023-48785 | 1 Fortinet | 1 Fortinac-f | 2025-07-25 | N/A | 4.8 MEDIUM |
| An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F. | |||||
| CVE-2024-40590 | 1 Fortinet | 1 Fortiportal | 2025-07-24 | N/A | 4.8 MEDIUM |
| An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints. | |||||
| CVE-2021-1134 | 1 Cisco | 1 Catalyst Center | 2025-07-23 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when establishing a connection between DNA Center and an ISE server. An attacker could exploit this vulnerability by supplying a crafted certificate and could then intercept communications between the ISE and DNA Center. A successful exploit could allow the attacker to view and alter sensitive information that the ISE maintains about clients that are connected to the network. | |||||
| CVE-2025-24471 | 1 Fortinet | 2 Fortios, Fortisase | 2025-07-22 | N/A | 6.5 MEDIUM |
| An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate. | |||||