Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-25060 | 2026-02-03 | N/A | 8.1 HIGH | ||
| OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disabled by default for all storage driver communications. The TlsInsecureSkipVerify setting is default to true in the DefaultConfig() function in internal/conf/config.go. This vulnerability enables Man-in-the-Middle (MitM) attacks by disabling TLS certificate verification, allowing attackers to intercept and manipulate all storage communications. Attackers can exploit this through network-level attacks like ARP spoofing, rogue Wi-Fi access points, or compromised internal network equipment to redirect traffic to malicious endpoints. Since certificate validation is skipped, the system will unknowingly establish encrypted connections with attacker-controlled servers, enabling full decryption, data theft, and manipulation of all storage operations without triggering any security warnings. This vulnerability is fixed in 4.1.10. | |||||
| CVE-2025-56232 | 1 Cdprojekt | 1 Gog Galaxy | 2026-01-09 | N/A | 6.8 MEDIUM |
| GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle (MitM) attack to intercept update requests and replace installer or update packages with malicious files. | |||||
| CVE-2025-63432 | 1 Xtooltech | 1 Xtool Anyscan | 2025-11-28 | N/A | 4.6 MEDIUM |
| Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle (MITM) attack to intercept, decrypt, and modify traffic between the application and the update server. This serves as the basis for further attacks, including Remote Code Execution. | |||||
| CVE-2025-12553 | 1 Azure-access | 4 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 1 more | 2025-11-10 | N/A | 9.8 CRITICAL |
| Email Server Certificate Verification Disabled.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||||
| CVE-2025-56230 | 2025-11-06 | N/A | 7.5 HIGH | ||
| Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certificate Validation in the update component. | |||||
| CVE-2025-56146 | 2025-10-28 | N/A | 5.3 MEDIUM | ||
| Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity. | |||||
| CVE-2024-36755 | 1 Dlink | 2 Dir-1950, Dir-1950 Firmware | 2025-07-09 | N/A | 6.8 MEDIUM |
| D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle attack. | |||||
| CVE-2023-48052 | 1 Httpie | 1 Httpie | 2024-11-21 | N/A | 7.4 HIGH |
| Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. | |||||
| CVE-2024-40464 | 1 Beego | 1 Beego | 2024-08-15 | N/A | 8.8 HIGH |
| An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file | |||||
| CVE-2024-41265 | 2024-08-02 | N/A | 7.5 HIGH | ||
| A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function. | |||||
| CVE-2024-41253 | 2024-08-01 | N/A | 7.1 HIGH | ||
| goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component. | |||||