ReportizFlow
Filtered by vendor
Subscriptions
Total
1338 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11043 | 1 Br-automation | 2 Automation Studio, Studio | 2026-01-26 | 7.4 High |
| An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges. | ||||
| CVE-2025-32057 | 1 Bosch | 1 Infotainment System Ecu | 2026-01-26 | 6.5 Medium |
| The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate. First identified on Nissan Leaf ZE1 manufactured in 2020. | ||||
| CVE-2025-30024 | 1 Axis | 1 Device Manager | 2026-01-24 | 6.8 Medium |
| The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack. | ||||
| CVE-2024-50394 | 1 Qnap | 1 Helpdesk | 2026-01-22 | 8.8 High |
| An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: Helpdesk 3.3.3 and later | ||||
| CVE-2025-46070 | 1 Automai | 1 Botmanager | 2026-01-22 | 9.8 Critical |
| An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the BotManager.exe component | ||||
| CVE-2025-13034 | 2 Curl, Haxx | 2 Curl, Curl | 2026-01-20 | 5.9 Medium |
| When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper check, thus not noticing a possible impostor. To skip this check, the connection had to be done with QUIC with ngtcp2 built to use GnuTLS and the user had to explicitly disable the standard certificate verification. | ||||
| CVE-2025-14819 | 2 Curl, Haxx | 2 Curl, Curl | 2026-01-20 | 5.3 Medium |
| When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not. | ||||
| CVE-2025-68161 | 1 Apache | 1 Log4j | 2026-01-20 | 4.8 Medium |
| The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName configuration attribute or the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName system property is set to true. This issue may allow a man-in-the-middle attacker to intercept or redirect log traffic under the following conditions: * The attacker is able to intercept or redirect network traffic between the client and the log receiver. * The attacker can present a server certificate issued by a certification authority trusted by the Socket Appender’s configured trust store (or by the default Java trust store if no custom trust store is configured). Users are advised to upgrade to Apache Log4j Core version 2.25.3, which addresses this issue. As an alternative mitigation, the Socket Appender may be configured to use a private or restricted trust root to limit the set of trusted certificates. | ||||
| CVE-2024-31884 | 2026-01-20 | 6.5 Medium | ||
| No description is available for this CVE. | ||||
| CVE-2025-52598 | 1 Hanwhavision | 512 Knb-2000, Knb-2000 Firmware, Knb-5000n and 509 more | 2026-01-16 | 3.7 Low |
| Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw that camera's client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | ||||
| CVE-2025-65291 | 1 Aqara | 6 Camera Hub G3, Camera Hub G3 Firmware, Hub M2 and 3 more | 2026-01-15 | 7.4 High |
| Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring. | ||||
| CVE-2023-29175 | 1 Fortinet | 2 Fortios, Fortiproxy | 2026-01-14 | 4.4 Medium |
| An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the vulnerable device and the remote FortiGuard's map server. | ||||
| CVE-2023-47537 | 1 Fortinet | 1 Fortios | 2026-01-14 | 4.4 Medium |
| An improper certificate validation vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.6, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4 all versions allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel between the FortiOS device and FortiSwitch. | ||||
| CVE-2025-30669 | 1 Zoom | 7 Meeting Software Development Kit, Workplace, Workplace App and 4 more | 2026-01-13 | 4.8 Medium |
| Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access. | ||||
| CVE-2024-47258 | 2026-01-09 | 8.1 High | ||
| 2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices. 2N has currently released an updated version 3.3 of 2N Access Commander, with added Certificate Fingerprint Verification. Since version 2.2 of 2N Access Commander (released in February 2022) it is also possible to enforce TLS certificate validation.It is recommended that all customers update 2N Access Commander to the latest version and use one of two mentioned practices. | ||||
| CVE-2025-66001 | 1 Suse | 1 Neuvector | 2026-01-09 | 8.8 High |
| NeuVector supports login authentication through OpenID Connect. However, the TLS verification (which verifies the remote server's authenticity and integrity) for OpenID Connect is not enforced by default. As a result this may expose the system to man-in-the-middle (MITM) attacks. | ||||
| CVE-2024-30149 | 1 Hcltech | 1 Appscan Source | 2026-01-08 | 4.8 Medium |
| HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable. | ||||
| CVE-2025-56231 | 1 Tonec | 1 Internet Download Manager | 2026-01-07 | 9.1 Critical |
| Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate Validation, which allows attackers to bypass update protections. | ||||
| CVE-2025-14022 | 2 Apple, Linecorp | 2 Ios, Line | 2026-01-07 | 7.7 High |
| LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with the application's network processing, causing server certificate verification to be disabled for a significant portion of network traffic, which could allow a network-adjacent attacker to intercept or modify encrypted communications. | ||||
| CVE-2025-66491 | 1 Traefik | 1 Traefik | 2026-01-03 | 5.9 Medium |
| Traefik is an HTTP reverse proxy and load balancer. Versions 3.5.0 through 3.6.2 have inverted TLS verification logic in the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. Setting the annotation to "on" (intending to enable backend TLS certificate verification) actually disables verification, allowing man-in-the-middle attacks against HTTPS backends when operators believe they are protected. This issue is fixed in version 3.6.3. | ||||