CVE-2026-9058

The Szafir SDK is affected by an improper certificate verification issue where the verification process returns success (Result/@code == 0) even when the signer certificate trust status is nondetermined. This leads consuming applications to treat signatures as valid despite an unverified certific...

EUVD-2025-209921

Dell PowerFlex Manager, versions =4.6.2, contains an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering...

Ivanti Secure Access Client 信任管理问题漏洞

Ivanti Secure Access Client is a security software client developed by the American company Ivanti. Versions of Ivanti Secure Access Client prior to 22.8R6 contained a vulnerability related to trust management. This vulnerability stemmed from improper certificate verification, which could allow...

Dell PowerFlex Manager 信任管理问题漏洞

Dell PowerFlex Manager is a management tool developed by Dell, Inc. Versions of Dell PowerFlex Manager prior to 4.6.2 contained a trust management vulnerability. This vulnerability stemmed from improper certificate verification, which could allow unauthenticated attackers with access to adjacent...

EUVD-2026-30099

An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle MitM attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can...

EUVD-2026-30100

Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subn...

PT-2026-40773

Name of the Vulnerable Software and Affected Versions Palo Alto Networks GlobalProtect app affected versions not specified Description Improper certificate validation allows an attacker to intercept encrypted communications and potentially compromise the endpoint. A local non-administrative...

CVE-2026-41872

"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server...

PT-2026-39937

"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via the SignedPublicKeysTrustValidatorImpl.isTrusted function. An attacker can bypass signature verification and gain unauthorized access by providing any structurally valid ECDSA signature, as the boolea...

EUVD-2026-28394

An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates...

Improper Certificate Validation allows MITM injection of remote CSS content

Summary The CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning any HTTPS certificate—even entirely untrusted—will...

CVE-2025-10539

CVE-2025-10539 : DeskTime Time Tracking App contains improper TLS certificate validation before version 1.3.674. An attacker who can position themselves in the network path between the client and DeskTime update servers can respond to an update request with a malicious executable, resulting in us...

PT-2026-35686

Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the certificate authentication process when disablebinding=true is set. An attacker can extend the lifetime of dynamic leases held by the original token by renewing tokens using a sibling certificate a...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/tls [CVE-2025-68121]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/tls, due to false validation between the initial handshake and the resumed handshake when the Config has its ClientCAs or RootCAs fields mutated CVE-2025-68121. Crypto/tls is used in our speech...

Siemens Analytics Toolkit

SUMMARY Multiple Siemens applications are affected by improper certificate validation in Siemens Analytics Toolkit. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Siemens has released new versions for the affected products and recommends to update to...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of URI name constraints during certificate chain verification in the ConfirmNameConstraints process. An attacker can bypass intended certificate restrictions by presenting a...

Improper Certificate Validation

Overview org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Improper Certificate Validation in getSSLHostConfig, which does not sufficiently account for all protocol host name inputs. An attacker can access sensitive...

CVE-2026-33753 Improper Certificate Validation in rfc3161-client

rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...