14 matches found
EUVD-2020-23964
Malware in sbrugna...
EUVD-2024-1081
Malicious code in bioql PyPI...
CVE-2025-32878
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is mainly for downloading firmware files. Before downloading firmware files, the watch requests some information about the firmware via HTTPS from the back-end...
CVE-2025-24471
An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate...
CVE-2024-33509
An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the...
CVE-2025-1001 Medixant RadiAnt DICOM Viewer Improper Certificate Validation
Medixant RadiAnt DICOM Viewer is vulnerable due to failure of the update mechanism to verify the update server's certificate which could allow an attacker to alter network traffic and carry out a machine-in-the-middle attack (MITM). An attacker could modify the server's response and deliver a...
CVE-2020-15133
In faye-websocket before version 0.11.0, there is a lack of certificate validation in TLS handshakes. The `Faye::WebSocket::Client` class uses the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake whenever a `wss:` URL is used for the connection. This method does not...
CVE-2024-23970 ChargePoint Home Flex Improper Certificate Validation
This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue...
CVE-2025-0239 Alt-Svc ALPN validation failure when redirected
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...
CVE-2024-48865
An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability in the following...
PT-2023-17321 · Puppet +1 · Puppet Server +1
Name of the Vulnerable Software and Affected Versions: Puppet Server version 7.9.2. Description: A Regular Expression Denial of Service (ReDoS) issue was discovered in the certificate validation of Puppet Server. This issue is related to specifically crafted certificate names, which can significantl...
GHSA-GH2C-6M38-C78J PyWBEM TOCTOU vulnerability in certificate validation
PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
GHSA-8J9G-C9RP-JVG4 Salt vulnerable to Improper Certificate Validation
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules...
ELECOM WRC-300FEBK-S Certificate Validation Error Vulnerability
The ELECOM WRC-300FEBK-S is a network camera for the home from Elecom Japan. A certificate validation error vulnerability exists in the ELECOM WRC-300FEBK-S, which can be exploited by an attacker to alter the communication response and execute arbitrary commands on the product...