185 matches found

Cvelist
added 2026/06/12 12:5 a.m. | 25 views

CVE-2026-45170 Idira Privilege Cloud Connector: Potential Security Bypass due to Incomplete TLS Certificate Validation

In Idira Privilege Cloud Connector versions prior to 1.1.100504, under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17...

CVSS: 7.5 | EPSS: 0.00086
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/10 9:2 p.m. | 7 views

CVE-2026-0420

An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models...

CVSS: 8.2 | AI score: 5.4 | EPSS: 0.00141
Exploits: 0 | References: 1

Cvelist
added 2026/06/09 3:50 p.m. | 24 views

CVE-2026-0420 Missing TLS certificate validation in NETGEAR's ReadyCloud client app

An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models...

CVSS: 8.2 | EPSS: 0.00141
Exploits: 0 | References: 5

NVD
added 2026/05/26 10:16 p.m. | 15 views

CVE-2026-44213

The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...

CVSS: 6.5 | EPSS: 0.00207
Exploits: 0 | References: 1

CNNVD
added 2026/05/26 12:0 a.m. | 5 views

OpenTelemetry Collector Contrib Trust Management Vulnerability

OpenTelemetry Collector Contrib is an extensible telemetry data collection component library developed by OpenTelemetry - CNCF. Versions of OpenTelemetry Collector Contrib prior to 1.1.0 contained a trust management vulnerability. This vulnerability stemmed from the lack of validation of HTTPS/TL...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00207
Exploits: 0 | References: 1

Tenable Nessus
added 2026/05/20 12:0 a.m. | 15 views

RHCOS 4 : OpenShift Container Platform 4.18.42 (RHSA-2026:17446)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17446 advisory. - golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 - golang: net/url: Memory exhaustion in quer...

CVSS: 10 | AI score: 6.9 | EPSS: 0.00789
Exploits: 4 | References: 14

Tenable Nessus
added 2026/05/20 12:0 a.m. | 19 views

RHCOS 4 : OpenShift Container Platform 4.17.54 (RHSA-2026:17595)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17595 advisory. - golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 - golang: net/url: Memory exhaustion in quer...

CVSS: 10 | AI score: 7.3 | EPSS: 0.00789
Exploits: 4 | References: 14

OSV
added 2026/05/08 8:48 p.m. | 4 views

GHSA-WFR5-454P-MJC2 OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured

Summary: The OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the INSTANAENDPOINTPROXY environment variable. If a network attacker can Man-in-the-Middle (MitM) the...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00207
Exploits: 0 | References: 3

Tenable Nessus
added 2026/05/02 12:0 a.m. | 5 views

RHCOS 4 : OpenShift Container Platform 4.18.37 (RHSA-2026:6552)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6552 advisory. - crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption CVE-2025-68121 Note that Nessus has not tested for...

CVSS: 10 | AI score: 7.2 | EPSS: 0.00765
Exploits: 1 | References: 5

Cvelist
added 2026/04/28 7:52 a.m. | 29 views

CVE-2025-10539 Improper TLS Certificate Validation RCE via Malicious Update in DeskTime Time Tracking App

Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the...

EPSS: 0.00179
Exploits: 2 | References: 2

Tenable Nessus
added 2026/03/10 12:0 a.m. | 3 views

Fortinet FortiManager Lack of TLS Certificate Validation during initial SSO Authentication (FG-IR-26-078)

The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-078 advisory. - An improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 throu...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.00185
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/09 12:0 a.m. | 5 views

PT-2026-24011

Name of the Vulnerable Software and Affected Versions: Taipower APP (affected versions not specified). Description: The Taipower APP developed by Taipower exhibits an Improper Certificate Validation issue. The application does not properly validate server-side TLS/SSL certificates when establishing an...

CVSS: 8.3 | AI score: 5.8 | EPSS: 0.00152
Exploits: 0 | References: 8

Vulnrichment
added 2026/03/04 1:52 p.m. | 5 views

CVE-2025-40896 Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00111
Exploits: 0 | References: 1

CVE
added 2026/02/23 12:0 a.m. | 13 views

CVE-2025-70058

CVE-2025-70058 affects YMFE yapi v1.12.0. The root cause is improper TLS/SSL certificate validation caused by Axios HTTPS agent configuration that sets rejectUnauthorized to false, enabling MITM-like interception. Documented in multiple sources (YAPI-related advisories and NVD/Red Hat entries). T...

CVSS: 7.4 | AI score: 5.4 | EPSS: 0.00169
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/02/03 3:15 a.m. | 4 views

CVE-2026-24932

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, improperly validated TLS/SSL certificates allow a remote attacker to intercept the communication and perform a Man-in-the-Middle (MitM) attack, whi...

CVSS: 5.9 | AI score: 5.9 | EPSS: 0.00206
Exploits: 0 | References: 1

GithubExploit
added 2026/01/17 6:25 p.m. | 141 views

Exploit for CVE-2025-65753

CVE-2025-65753 Proof of concept for CVE-2025-65753: Remote co...

CVSS: 9 | AI score: 6.3 | EPSS: 0.00391
Exploits: 1

RedhatCVE
added 2026/01/09 8:46 a.m. | 9 views

CVE-2025-23114

A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate...

CVSS: 9 | AI score: 7.7 | EPSS: 0.00588
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:32 a.m. | 5 views

CVE-2019-16558

Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM...

CVSS: 8.2 | AI score: 6.8 | EPSS: 0.00592
Exploits: 0 | References: 1

SUSE Linux
added 2026/01/05 10:41 a.m. | 4 views

Security update for pgadmin4

This update for pgadmin4 fixes the following issues: CVE-2025-12765: insufficient checks in the LDAP authentication flow allow for a bypass of TLS certificate validation that can lead to the stealing of bind credentials and the altering of directory responses bsc1253478. CVE-2025-12764: improper...

CVSS: 9.1 | AI score: 6.6 | EPSS: 0.00354
Exploits: 0 | References: 8

Vulnrichment
added 2025/12/09 10:44 a.m. | 1 views

CVE-2025-40800

A vulnerability has been identified in COMOS V10.6 All versions V10.6.1, COMOS V10.6 All versions V10.6.1, NX V2412 All versions V2412.8700, NX V2506 All versions V2506.6000, Simcenter 3D All versions V2506.6000, Simcenter Femap All versions V2506.0002, Solid Edge SE2025 All versions V225.0 Updat...

CVSS: 9.1 | AI score: 7.2 | EPSS: 0.00185
Exploits: 0 | References: 2