Total: 1330 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2025-50944 | 1 Avtech | 1 Eagleeyes (lite) | 2025-10-14 | 8.8 High | An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation. |
| CVE-2025-5279 | | | 2025-10-14 | 7.5 High | When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access token. This issue has been addressed in driver version 2.1.7. Users should upgrade to address this issue and ensure any forked or derivative code is patched to incorporate the new fixes. |
| CVE-2025-0501 | | | 2025-10-14 | 7.5 High | An issue in the native clients for Amazon WorkSpaces (when running the PCoIP protocol) may allow an attacker to access remote sessions via man-in-the-middle. |
| CVE-2025-0500 | | | 2025-10-14 | 7.5 High | An issue in the native clients for Amazon WorkSpaces (when running the Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle. |
| CVE-2024-42193 | 1 Hcltech | 1 Bigfix Platform | 2025-10-09 | 8.1 High | HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This presents a possibility of man-in-the-middle (MITM) attacks and data exposure; if exploited, this vulnerability could potentially lead to unauthorized access. |
| CVE-2025-61778 | 1 Akkadotnet | 1 Akka.net | 2025-10-08 | N/A | Akka.NET is a .NET port of the Akka project from the Scala / Java community. In all versions of Akka.Remote from v1.2.0 to v1.5.51, TLS could be enabled via the `akka.remote.dot-netty.tcp` transport and this would correctly enforce private key validation on the server side of inbound connections. Akka.Remote, however, never asked the outbound-connecting client to present ITS certificate; therefore it is possible for untrusted parties to connect to a private-keyed Akka.NET cluster and begin communicating with it without any certificate. For certificate-based authentication to work properly, ensuring that all members of the Akka.Remote network are secured with the same private key, Akka.Remote needed to implement mutual TLS. This was not the case before Akka.NET v1.5.52. Those who run Akka.NET inside a private network that they fully control, or who were never using TLS in the first place, are not affected by the bug. However, those who use TLS to secure their networks must upgrade to Akka.NET v1.5.52 or later. One patch forces "fail fast" semantics if TLS is enabled but the private key is missing or invalid; previous versions would only check that once connection attempts occurred. The second patch, a critical fix, enforces mutual TLS (mTLS) by default, so both parties must be keyed using the same certificate. As a workaround, avoid exposing the application publicly so that the vulnerability has no practical impact on one's application. However, upgrading to version 1.5.52 is still recommended by the maintainers. |
| CVE-2025-58124 | 2 Checkmk, Heinlein-support | 2 Checkmk, Check Mk Python Api | 2025-10-07 | 4.8 Medium | Improper Certificate Validation in the Checkmk Exchange plugin check-mk-api allows attackers in a MitM position to intercept traffic. |
| CVE-2024-54846 | 1 Cpplusworld | 2 Cp-vnr-3104, Cp-vnr-3104 Firmware | 2025-10-02 | 5.9 Medium | An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the EC private key and access sensitive data or execute a man-in-the-middle attack. |
| CVE-2024-54847 | 1 Cpplusworld | 2 Cp-vnr-3104, Cp-vnr-3104 Firmware | 2025-10-02 | 5.9 Medium | An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman (DH) parameters and access sensitive data or execute a man-in-the-middle attack. |
| CVE-2024-54848 | 1 Cpplusworld | 2 Cp-vnr-3104, Cp-vnr-3104 Firmware | 2025-10-02 | 7.4 High | Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to decrypt communications or execute man-in-the-middle attacks. |
| CVE-2024-54849 | 1 Cpplusworld | 2 Cp-vnr-3104, Cp-vnr-3104 Firmware | 2025-10-02 | 5.9 Medium | An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the second RSA private key and access sensitive data or execute a man-in-the-middle attack. |
| CVE-2024-5918 | 1 Paloaltonetworks | 1 Pan-os | 2025-10-01 | 4.3 Medium | An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate." |
| CVE-2024-23970 | 1 Chargepoint | 6 Home Flex Hardwired, Home Flex Hardwired Firmware, Home Flex Nema 14-50 Plug and 3 more | 2025-09-30 | 6.5 Medium | This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. |
| CVE-2025-35434 | 1 Cisa | 1 Thorium | 2025-09-30 | 4.2 Medium | CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An unauthenticated attacker with access to a Thorium cluster could impersonate the Elasticsearch service. Fixed in 1.1.2. |
| CVE-2024-52330 | 1 Ecovacs | 40 Deebot T10, Deebot T10 Firmware, Deebot T10 Omni and 37 more | 2025-09-23 | 7.4 High | ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates. |
| CVE-2024-52329 | 1 Ecovacs | 1 Home | 2025-09-23 | 7.4 High | ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens. |
| CVE-2025-58123 | 2 Checkmk, Oetiker | 2 Checkmk, Bgp Monitoring | 2025-09-23 | 4.8 Medium | Improper Certificate Validation in the Checkmk Exchange plugin BGP Monitoring allows attackers in a MitM position to intercept traffic. |
| CVE-2025-58125 | 2 Checkmk, Pawelko | 2 Checkmk, Freebox V6 Agent | 2025-09-23 | 4.8 Medium | Improper Certificate Validation in the Checkmk Exchange plugin Freebox v6 agent allows attackers in a MitM position to intercept traffic. |
| CVE-2025-58126 | 3 Checkmk, Tomtretbar, Vmware | 3 Checkmk, Vmware Vsan, Vma | 2025-09-23 | 4.8 Medium | Improper Certificate Validation in the Checkmk Exchange plugin VMware vSAN allows attackers in a MitM position to intercept traffic. |
| CVE-2025-58127 | 2 Checkmk, Tomtretbar | 2 Checkmk, Dell Powerscale | 2025-09-23 | 4.8 Medium | Improper Certificate Validation in the Checkmk Exchange plugin Dell PowerScale allows attackers in a MitM position to intercept traffic. |