ReportizFlow
Filtered by vendor
Subscriptions
Total
1224 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6156 | 1 Canonical | 1 Lxd | 2025-08-26 | 3.8 Low |
| Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store. | ||||
| CVE-2024-45641 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-08-26 | 6.5 Medium |
| IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauthorized actions due to improper SSL certificate validation. | ||||
| CVE-2025-36041 | 1 Ibm | 2 Mq Operator, Supplied Mq Advanced Container Images | 2025-08-24 | 4.7 Medium |
| IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions. | ||||
| CVE-2025-48802 | 1 Microsoft | 4 Windows 11 22h2, Windows 11 23h2, Windows Server 2022 and 1 more | 2025-08-23 | 6.5 Medium |
| Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2025-7390 | 1 Softing | 3 Edgeaggregator, Edgeconnector, Opc | 2025-08-22 | 9.1 Critical |
| A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication. | ||||
| CVE-2025-36005 | 1 Ibm | 2 Mq Operator, Supplied Mq Advanced Container Images | 2025-08-22 | 5.9 Medium |
| IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation. | ||||
| CVE-2024-29072 | 3 Foxit, Foxitsoftware, Microsoft | 4 Pdf Editor, Pdf Reader, Foxit Reader and 1 more | 2025-08-22 | 8.2 High |
| A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege. | ||||
| CVE-2024-3738 | 1 Cym1102 | 1 Nginxwebui | 2025-08-21 | 7.3 High |
| A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260577 was assigned to this vulnerability. | ||||
| CVE-2025-54607 | 1 Huawei | 1 Harmonyos | 2025-08-20 | 7.7 High |
| Authentication management vulnerability in the ArkWeb module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-31853 | 1 Siemens | 1 Sicam Toolbox Ii | 2025-08-20 | 8.1 High |
| A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). During establishment of a https connection to the TLS server of a managed device, the affected application doesn't check the extended key usage attribute of that device's certificate. This could allow an attacker to execute an on-path network (MitM) attack. | ||||
| CVE-2024-31854 | 1 Siemens | 1 Sicam Toolbox Ii | 2025-08-20 | 8.1 High |
| A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). During establishment of a https connection to the TLS server of a managed device, the affected application doesn't check device's certificate common name against an expected value. This could allow an attacker to execute an on-path network (MitM) attack. | ||||
| CVE-2025-33142 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-08-18 | 5.3 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections. | ||||
| CVE-2023-38009 | 3 Apple, Google, Ibm | 4 Iphone Os, Android, Cognos Analytics and 1 more | 2025-08-18 | 4.2 Medium |
| IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning. | ||||
| CVE-2023-33861 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-08-17 | 6.5 Medium |
| IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering with the communication path between the host and client. | ||||
| CVE-2025-54809 | 2 F5, Google | 2 Access For Android, Android | 2025-08-17 | 7.4 High |
| F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-2183 | 1 Palo Alto Networks | 1 Globalprotect App | 2025-08-16 | N/A |
| An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. | ||||
| CVE-2024-49782 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2025-08-15 | 6.8 Medium |
| IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification delivery. | ||||
| CVE-2025-0309 | 1 Netskope | 1 Netskope | 2025-08-15 | N/A |
| An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges. | ||||
| CVE-2025-44964 | 1 Bluestacks | 1 Bluestacks | 2025-08-14 | 3.9 Low |
| A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information. | ||||
| CVE-2025-6037 | 1 Hashicorp | 2 Vault, Vault Enterprise | 2025-08-13 | 6.8 Medium |
| Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate]. In this configuration, an attacker may be able to craft a malicious certificate that could be used to impersonate another user. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. | ||||