42 matches found

EUVD
added 2026/02/03 2:22 a.m. | 2 views

EUVD-2026-5284

The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificate validation vulnerability allows an unauthenticated remote attacker to perform a Man-in-the-Middle (MitM) attack to intercept the cleartext communication,...

CVSS 8.9 | AI score 5.6 | EPSS 0.00204
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/11 5:3 a.m. | 4 views

CVE-2025-65830

Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt the TLS traffic, inspect its contents, and modify the requests in transit. This may result in a total compromise of the user's account if t...

CVSS 9.1 | AI score 7 | EPSS 0.00243
Exploits: 0 | References: 1
EUVD
added 2025/12/11 12:30 a.m. | 2 views

EUVD-2025-202611

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files...

CVSS 7.4 | AI score 6.4 | EPSS 0.00157
Exploits: 1 | References: 2
CVE
added 2025/12/10 12:0 a.m. | 9 views

CVE-2025-65830

CVE-2025-65830 describes a vulnerability in the Meatmeet Pro App where missing certificate validation enables a man-in-the-middle attack on TLS traffic. Upstream attackers could decrypt, inspect, and modify requests, potentially leading to full account compromise if active authentication tokens a...

CVSS 9.1 | AI score 6.6 | EPSS 0.00243
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2025/11/24 5:16 p.m. | 2 views

CVE-2025-63432

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is missing SSL certificate validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle (MITM) attack ...

CVSS 4.6 | EPSS 0.00144
Exploits: 1 | References: 2
CVE
added 2025/11/05 12:0 a.m. | 10 views

CVE-2025-56232

GOG Galaxy 2.0.0.2 is affected by a Missing SSL certificate validation vulnerability that enables local-network/MITM interception of update requests, potentially replacing installers or updates with malicious files. The issue is documented across multiple feeds (NVD, Red Hat, CNNVD, EUVD) with no...

CVSS 6.8 | AI score 6.3 | EPSS 0.00112
Exploits: 1 | References: 2 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-4459

Malware in sbrugna...

CVSS 6 | AI score 5.2 | EPSS 0.00338
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2013-0974

Malware in sbrugna...

CVSS 2.1 | AI score 6.1 | EPSS 0.00212
Exploits: 2 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-12541

Malicious code in bioql PyPI...

AI score 6.6 | EPSS 0.00434
Exploits: 0 | References: 9
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-30869

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00351
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/24 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2013-7110

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof ...

CVSS 4.3 | AI score 5.5 | EPSS 0.00828
Exploits: 0 | References: 2
Cvelist
added 2025/06/20 12:0 a.m. | 10 views

CVE-2025-32878

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is mainly for downloading firmware files. Before downloading firmware files, the watch requests some information about the firmware via HTTPS from the back-end...

EPSS 0.00346
Exploits: 1 | References: 3
Cvelist
added 2025/05/07 1:10 a.m. | 36 views

CVE-2025-3218 IBM i improper certificate validation

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access...

CVSS 5.4 | EPSS 0.00215
Exploits: 0 | References: 1
RedHat Linux
added 2025/01/09 11:10 a.m. | 4 views

firefox: Alt-Svc ALPN validation failure when redirected

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site...

CVSS 4 | AI score 7.3 | EPSS 0.00228
Exploits: 0 | References: 7
Microsoft CVE
added 2024/12/20 12:0 a.m. | 3 views

CVE-2024-53846

...

CVSS 5.5 | AI score 5.8 | EPSS 0.00246
Exploits: 0
OSV
added 2024/12/09 6:55 p.m. | 3 views

CVE-2024-54147 Altair GraphQL Client's desktop app does not validate HTTPS certificates

Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates, allowing a man-in-the-middle to intercept all requests. Any Altair users on untrusted networks (e.g., public Wi-Fi, malicious DNS servers) may have all GraphQL...

CVSS 6.8 | AI score 6.8 | EPSS 0.00178
Exploits: 0 | References: 4
CNNVD
added 2024/11/22 12:0 a.m. | 4 views

NETGEAR RAX30 Trust Management Issue Vulnerability

NETGEAR RAX30 is a WiFi 6 router from NETGEAR, supporting dual-band 2.4GHz and 5GHz with a maximum transmission rate of 2400Mbps, a three-external-antenna design, and a 1.5GHz triple-core processor for simultaneous connection of up to 20 devices. The NETGEAR RAX30 suffers from a trus...

CVSS 7.5 | AI score 8.3 | EPSS 0.00555
Exploits: 0 | References: 2
OSV
added 2024/04/01 10:15 p.m. | 2 views

CVE-2024-27323

PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is not required to exploit this vulnerability. The...

CVSS 7.5 | AI score 7.5 | EPSS 0.00332
Exploits: 0 | References: 1
CNNVD
added 2021/05/25 12:0 a.m. | 2 views

libgrss Trust Management Issue Vulnerability

libgrss is a Glib library for handling RSS, Atom and other formats of feeds. A security vulnerability exists in libgrss version 0.7.0, which stems from libgrss' inability to perform TLS certificate validation when downloading a feed, and can be exploited by remote attackers to manipulate the...

CVSS 7.5 | AI score 6.3 | EPSS 0.01469
Exploits: 0 | References: 3
RedHat Linux
added 2020/10/28 4:2 p.m. | 4 views

httpd: allow connecting via SSL to a backend worker when the backend keystore file's ID is 'unknown'

A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate whose keystore file ID is 'unknown'. Validation of whether the certificate's CN and the hostname match stopped working, allowing connections to the back-end worker. The highest threat from...

CVSS 5.5 | AI score 5.7 | EPSS 0.00327
Exploits: 0 | References: 4