CVE-2025-33099
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized actions using man in the middle techniques due to improper certificate validation.
CVE-2025-30278
An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system.
We have already fixed…
CVE-2025-30277
An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system.
We have already fixed…
CVE-2025-7390
A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication.
CVE-2025-33142
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.
CVE-2025-0309
An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA…
CVE-2025-2183
An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attack…
CVE-2025-54809
F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2025-8393
A TLS vulnerability exists in the phone application used to manage a
connected device. The phone application accepts self-signed certificates
when establishing TLS communication which may result in
man-in-the-middle attacks on untrusted…
CVE-2025-20215
A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended targeted user, provided the requisite con…
CVE-2025-48393
The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware…
CVE-2025-2028
Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs
CVE-2025-54607
Authentication management vulnerability in the ArkWeb module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-44964
A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information.
CVE-2025-8476
Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploi…
CVE-2025-6037
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/cert#cer…
CVE-2025-36005
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensiti…
CVE-2025-7395
A certificate verification error in wolfSSL when building with the WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION options results in the wolfSSL
client failing to properly verify the server certificate's domain name,
allowi…
CVE-2025-30024
The communication protocol used between client
and server had a flaw that could be leveraged to execute a man in the middle attack.
CVE-2025-46788
Improper certificate validation in Zoom Workplace for Linux before version 6.4.13 may allow an unauthorized user to conduct an information disclosure via network access.