552 matches found

Snyk
added 2026/06/09 6:33 p.m. | 4 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation in `OSSL_CMP_get1_rootCaKeyUpdate`. An attacker with credentials that satisfy the CMP message protection checks, such as a Registration Authority, can replace the root CA certificate held by affected CMP clien...

CVSS 6 | AI score 5.5 | EPSS 0.00255
Exploits 0 | References 2
EUVD
added 2026/05/22 1:23 p.m. | 6 views

EUVD-2025-209921

Dell PowerFlex Manager, versions =4.6.2, contains an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering...

CVSS 6.5 | AI score 5.8 | EPSS 0.00083
Exploits 0 | References 2
Snyk
added 2026/05/15 6:29 p.m. | 3 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation due to disabled TLS certificate validation in production environments. An attacker can intercept sensitive SOAP traffic, including patient identifiers, authentication operations, document content, and...

CVSS 8.6 | AI score 5.5 | EPSS 0.00138
Exploits 0 | References 2
EUVD
added 2026/05/13 9:32 p.m. | 5 views

EUVD-2026-30099

An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can...

CVSS 8.6 | AI score 5.8 | EPSS 0.00107
Exploits 0 | References 2
EUVD
added 2026/05/13 9:32 p.m. | 5 views

EUVD-2026-30100

Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enable an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subn...

CVSS 7.6 | AI score 5.8 | EPSS 0.00112
Exploits 0 | References 2
Positive Technologies
added 2026/05/13 12:00 a.m. | 6 views

PT-2026-40773

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks GlobalProtect app (affected versions not specified). Description: Improper certificate validation allows an attacker to intercept encrypted communications and potentially compromise the endpoint. A local non-administrative...

CVSS 7.6 | AI score 5.8 | EPSS 0.00112
Exploits 0 | References 4
Cvelist
added 2026/05/12 5:21 a.m. | 33 views

CVE-2026-41872

"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server...

CVSS 9.1 | EPSS 0.0016
Exploits 0 | References 3
Positive Technologies
added 2026/05/12 12:00 a.m. | 8 views

PT-2026-39937

"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server...

CVSS 9.1 | AI score 7.1 | EPSS 0.0016
Exploits 0 | References 4
Snyk
added 2026/05/08 11:47 p.m. | 5 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation via the `SignedPublicKeysTrustValidatorImpl.isTrusted` function. An attacker can bypass signature verification and gain unauthorized access by providing any structurally valid ECDSA signature, as the boolea...

CVSS 8.6 | AI score 5.5 | EPSS 0.00121
Exploits 0 | References 2
EUVD
added 2026/05/07 6:30 p.m. | 6 views

EUVD-2026-28394

An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates...

CVSS 9.1 | AI score 5.8 | EPSS 0.00686
Exploits 0 | References 2
RubySec
added 2026/05/07 12:00 a.m. | 4 views

Improper Certificate Validation allows MITM injection of remote CSS content

Summary: The CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with `OpenSSL::SSL::VERIFY_NONE`, meaning any HTTPS certificate—even entirely untrusted—will...

CVSS 5.8 | AI score 5.8 | EPSS 0.00146
Exploits 0 | References 1 | Affected Software 1
CVE
added 2026/04/28 7:52 a.m. | 3 views

CVE-2025-10539

CVE-2025-10539: DeskTime Time Tracking App contains improper TLS certificate validation before version 1.3.674. An attacker who can position themselves in the network path between the client and DeskTime update servers can respond to an update request with a malicious executable, resulting in us...

CVSS 4.8 | AI score 6.3 | EPSS 0.00179
Exploits 2 | References 5 | Affected Software 1
Positive Technologies
added 2026/04/28 12:00 a.m. | 1 view

PT-2026-35686

Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the...

AI score 6.3 | EPSS 0.00179
Exploits 2 | References 3
Snyk
added 2026/04/21 2:08 a.m. | 2 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation in the certificate authentication process when disablebinding=true is set. An attacker can extend the lifetime of dynamic leases held by the original token by renewing tokens using a sibling certificate a...

CVSS 3.1 | AI score 5.5 | EPSS 0.00101
Exploits 0 | References 2
IBM Security Bulletins
added 2026/04/14 3:34 p.m. | 6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/tls [CVE-2025-68121]

Summary: IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/tls, due to false validation between the initial handshake and the resumed handshake when the Config has its ClientCAs or RootCAs fields mutated (CVE-2025-68121). Crypto/tls is used in our speech...

CVSS 10 | AI score 6.7 | EPSS 0.00765
Exploits 1 | Affected Software 1
ICS
added 2026/04/14 12:00 a.m. | 3 views

Siemens Analytics Toolkit

SUMMARY: Multiple Siemens applications are affected by improper certificate validation in Siemens Analytics Toolkit. This could allow an unauthenticated remote attacker to perform man-in-the-middle attacks. Siemens has released new versions for the affected products and recommends to update to...

CVSS 6.3 | AI score 5.8 | EPSS 0.00137
Exploits 0 | References 10
Snyk
added 2026/04/09 10:08 p.m. | 5 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of URI name constraints during certificate chain verification in the ConfirmNameConstraints process. An attacker can bypass intended certificate restrictions by presenting a...

CVSS 7 | AI score 5.8 | EPSS 0.00152
Exploits 0 | References 2
Snyk
added 2026/04/09 9:31 p.m. | 3 views

Improper Certificate Validation

Overview: org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Improper Certificate Validation in `getSSLHostConfig`, which does not sufficiently account for all protocol host name inputs. An attacker can access sensitive...

CVSS 9.1 | AI score 5.8 | EPSS 0.00307
Exploits 0 | References 2
Vulnrichment
added 2026/04/08 2:54 p.m. | 4 views

CVE-2026-33753 Improper Certificate Validation in rfc3161-client

rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority (TSA). By exploiting a logic flaw i...

CVSS 6.2 | AI score 5.9 | EPSS 0.00188
Exploits 1 | References 1
RedhatCVE
added 2026/03/26 3:00 p.m. | 3 views

CVE-2026-2368

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code...

CVSS 7.5 | AI score 6.1 | EPSS 0.00129
Exploits 0 | References 1