Total
1089 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21358 | 1 Google | 1 Android | 2025-04-30 | N/A | 7.8 HIGH |
| In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-45391 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2025-04-30 | N/A | 7.5 HIGH |
| Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM. | |||||
| CVE-2022-38666 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2025-04-30 | N/A | 7.5 HIGH |
| Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. | |||||
| CVE-2022-42131 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-04-30 | N/A | 4.8 MEDIUM |
| Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3. | |||||
| CVE-2025-28169 | 2025-04-29 | N/A | 8.1 HIGH | ||
| BYD QIN PLUS DM-i Dilink OS v3.0_13.1.7.2204050.1 to v3.0_13.1.7.2312290.1_0 was discovered to cend broadcasts to the manufacturer's cloud server unencrypted, allowing attackers to execute a man-in-the-middle attack. | |||||
| CVE-2025-27820 | 2025-04-29 | N/A | 7.5 HIGH | ||
| A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release | |||||
| CVE-2024-25141 | 1 Apache | 1 Apache-airflow-providers-mongo | 2025-04-28 | N/A | 9.1 CRITICAL |
| When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue. | |||||
| CVE-2022-43705 | 1 Botan Project | 1 Botan | 2025-04-25 | N/A | 9.1 CRITICAL |
| In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016). | |||||
| CVE-2022-42813 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-22 | N/A | 9.8 CRITICAL |
| A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. Processing a maliciously crafted certificate may lead to arbitrary code execution. | |||||
| CVE-2024-56521 | 1 Tcpdf Project | 1 Tcpdf | 2025-04-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely. | |||||
| CVE-2017-9567 | 1 Meafinancial | 1 Avb Bank Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The avb-bank-mobile-banking/id592565443 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-6358 | 1 Cisco | 48 Pvc2300, Pvc2300 Firmware, Rtp300 and 45 more | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. | |||||
| CVE-2016-5648 | 1 Acer | 1 Acer Portal | 2025-04-20 | 4.3 MEDIUM | 5.3 MEDIUM |
| Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate. | |||||
| CVE-2017-7322 | 1 Modx | 1 Modx Revolution | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate. | |||||
| CVE-2015-7778 | 1 Gurunavi | 1 Gournavi | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Gurunavi App for iOS before 6.0.0 does not verify SSL certificates which could allow remote attackers to perform man-in-the-middle attacks. | |||||
| CVE-2016-1186 | 1 Cybozu | 1 Kintone | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. | |||||
| CVE-2017-8060 | 1 Watchguard | 1 Panda Mobile Security | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | |||||
| CVE-2017-9576 | 1 Mononabank | 1 Middleton Community Bank Mobile | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "Middleton Community Bank Mobile Banking" by Middleton Community Bank app 3.0.0 -- aka middleton-community-bank-mobile-banking/id721843238 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-2943 | 1 Honda | 1 Moto Linc | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Honda Moto LINC 1.6.1 does not verify SSL certificates. | |||||
| CVE-2017-9588 | 1 Meafinancial | 1 Oritani Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "Oritani Mobile Banking" by Oritani Bank app 3.0.0 -- aka oritani-mobile-banking/id778851066 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||