Monthly
Improper certificate validation in Windows Cryptographic Services allows an unauthorized attacker to bypass a security feature over a network.
Privilege escalation in Microsoft's Azure Monitor Agent (specifically the Metrics Extension) lets an unauthenticated attacker on an adjacent network gain elevated privileges by exploiting improper TLS certificate validation (CWE-295). Because the agent fails to properly verify the certificate of the endpoint it communicates with, an attacker positioned on the same broadcast/logical network segment can impersonate a trusted server and hijack the agent's privileged context, yielding high confidentiality, integrity, and availability impact. Microsoft rates it CVSS 8.8; there is currently no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local privilege escalation in the Windows Active Directory certificate-validation path lets an already-authenticated attacker on Windows 10 (1607/1809) and Windows Server 2016 through 2025 (including Server Core) improperly validate a certificate to gain higher privileges. Microsoft reported and patched the flaw (CWE-295), but there is no public exploit identified at time of analysis and it is not on CISA KEV. The CVSS 7.8 vector (AV:L/PR:L) confirms an authenticated local attacker with full confidentiality, integrity, and availability impact upon success.
Improper TLS certificate validation in Fortinet FortiClientEMS (Endpoint Management Server) exposes sensitive information to network-positioned attackers across FortiClientEMS 7.2 (all listed builds up to 7.2.14), 7.4.0–7.4.1, and 7.4.3–7.4.5. Because the client fails to properly verify server certificates (CWE-295), an attacker able to intercept EMS communications can decrypt or observe protected traffic to disclose information. There is no public exploit identified at time of analysis and CISA SSVC scores exploitation as 'none', but Fortinet rates the flaw CVSS 9.8, so patching should be prioritized despite the lack of observed exploitation.
Remote code execution affects the Lorex 2K Indoor Wi-Fi Security Camera through improper TLS certificate validation in its device management server, allowing a network-adjacent attacker to impersonate the management server and, when chained with additional flaws, run code as root without any user interaction. The issue was reported through Trend Micro's Zero Day Initiative (ZDI-26-399, formerly ZDI-CAN-26851). There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Man-in-the-middle code injection in DIRAC's grid pilot bootstrap affects the DIRACGrid Python distributed-computing framework, where the PilotWrapper explicitly disables TLS certificate validation when fetching the second-stage pilot.tar. Because both the payload and its reference checksum traverse the same unverified HTTPS channel, an attacker positioned on the grid site's network can substitute arbitrary code that runs in the pilot context with access to its proxy/credentials. No public exploit identified at time of analysis; exploitation requires an active network intercept, which the vendor notes is non-trivial, but the CVSS is 8.1 due to full CIA impact.
Man-in-the-middle interception and traffic manipulation in the EVbee Service Android app (v1.4.101.00) is possible because the app negotiates HTTPS but never validates the server's TLS certificate, and further protects payloads only with RC4 under a hardcoded key. An attacker positioned on the network path can decrypt and alter app-to-server traffic and harvest charging-station access codes. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the flaw is trivially reproducible with standard interception tooling.
TLS certificate validation bypass in cpp-httplib's Mbed TLS backend (0.31.0-0.46.1) and wolfSSL backend (0.33.0-0.46.1) lets a man-in-the-middle attacker defeat HTTPS/WSS protection when a client connects to an IP-literal host with verification nominally enabled. SSLClient/Client in HTTPS mode skip certificate chain validation and the WebSocketClient on Mbed TLS skips verification entirely, so an intercepting attacker can present a crafted certificate and read or alter traffic. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the flaw is fixed in 0.47.0.
Improper certificate validation in the Palo Alto Networks Prisma Access Agent for iOS exposes VPN tunnel traffic to interception and manipulation by a network-adjacent attacker. The flaw (CWE-295) enables a man-in-the-middle position to defeat the agent's TLS/certificate trust chain, allowing an adversary to read or alter traffic that the iOS client believes is securely tunneled. Exploitation is limited to iOS deployments - the Windows, macOS, Linux, Android, and ChromeOS agents are confirmed unaffected. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog.
Certificate revocation bypass in etcd affects clusters running versions before 3.5.32 and before 3.6.13 that are configured with --listen-client-http-urls to serve HTTP and gRPC client traffic on separate listeners. In that split-listener mode the --client-crl-file Certificate Revocation List is silently ignored on the gRPC listener, so a client presenting a certificate the operator has explicitly revoked can still complete mutual-TLS authentication and gain full read/write access to the key-value store. There is no public exploit identified at time of analysis and EPSS is low (0.36%), but the technical impact is total for anyone relying on CRL-based deauthorization.
Improper certificate validation in Windows Cryptographic Services allows an unauthorized attacker to bypass a security feature over a network.
Privilege escalation in Microsoft's Azure Monitor Agent (specifically the Metrics Extension) lets an unauthenticated attacker on an adjacent network gain elevated privileges by exploiting improper TLS certificate validation (CWE-295). Because the agent fails to properly verify the certificate of the endpoint it communicates with, an attacker positioned on the same broadcast/logical network segment can impersonate a trusted server and hijack the agent's privileged context, yielding high confidentiality, integrity, and availability impact. Microsoft rates it CVSS 8.8; there is currently no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local privilege escalation in the Windows Active Directory certificate-validation path lets an already-authenticated attacker on Windows 10 (1607/1809) and Windows Server 2016 through 2025 (including Server Core) improperly validate a certificate to gain higher privileges. Microsoft reported and patched the flaw (CWE-295), but there is no public exploit identified at time of analysis and it is not on CISA KEV. The CVSS 7.8 vector (AV:L/PR:L) confirms an authenticated local attacker with full confidentiality, integrity, and availability impact upon success.
Improper TLS certificate validation in Fortinet FortiClientEMS (Endpoint Management Server) exposes sensitive information to network-positioned attackers across FortiClientEMS 7.2 (all listed builds up to 7.2.14), 7.4.0–7.4.1, and 7.4.3–7.4.5. Because the client fails to properly verify server certificates (CWE-295), an attacker able to intercept EMS communications can decrypt or observe protected traffic to disclose information. There is no public exploit identified at time of analysis and CISA SSVC scores exploitation as 'none', but Fortinet rates the flaw CVSS 9.8, so patching should be prioritized despite the lack of observed exploitation.
Remote code execution affects the Lorex 2K Indoor Wi-Fi Security Camera through improper TLS certificate validation in its device management server, allowing a network-adjacent attacker to impersonate the management server and, when chained with additional flaws, run code as root without any user interaction. The issue was reported through Trend Micro's Zero Day Initiative (ZDI-26-399, formerly ZDI-CAN-26851). There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Man-in-the-middle code injection in DIRAC's grid pilot bootstrap affects the DIRACGrid Python distributed-computing framework, where the PilotWrapper explicitly disables TLS certificate validation when fetching the second-stage pilot.tar. Because both the payload and its reference checksum traverse the same unverified HTTPS channel, an attacker positioned on the grid site's network can substitute arbitrary code that runs in the pilot context with access to its proxy/credentials. No public exploit identified at time of analysis; exploitation requires an active network intercept, which the vendor notes is non-trivial, but the CVSS is 8.1 due to full CIA impact.
Man-in-the-middle interception and traffic manipulation in the EVbee Service Android app (v1.4.101.00) is possible because the app negotiates HTTPS but never validates the server's TLS certificate, and further protects payloads only with RC4 under a hardcoded key. An attacker positioned on the network path can decrypt and alter app-to-server traffic and harvest charging-station access codes. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the flaw is trivially reproducible with standard interception tooling.
TLS certificate validation bypass in cpp-httplib's Mbed TLS backend (0.31.0-0.46.1) and wolfSSL backend (0.33.0-0.46.1) lets a man-in-the-middle attacker defeat HTTPS/WSS protection when a client connects to an IP-literal host with verification nominally enabled. SSLClient/Client in HTTPS mode skip certificate chain validation and the WebSocketClient on Mbed TLS skips verification entirely, so an intercepting attacker can present a crafted certificate and read or alter traffic. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the flaw is fixed in 0.47.0.
Improper certificate validation in the Palo Alto Networks Prisma Access Agent for iOS exposes VPN tunnel traffic to interception and manipulation by a network-adjacent attacker. The flaw (CWE-295) enables a man-in-the-middle position to defeat the agent's TLS/certificate trust chain, allowing an adversary to read or alter traffic that the iOS client believes is securely tunneled. Exploitation is limited to iOS deployments - the Windows, macOS, Linux, Android, and ChromeOS agents are confirmed unaffected. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog.
Certificate revocation bypass in etcd affects clusters running versions before 3.5.32 and before 3.6.13 that are configured with --listen-client-http-urls to serve HTTP and gRPC client traffic on separate listeners. In that split-listener mode the --client-crl-file Certificate Revocation List is silently ignored on the gRPC listener, so a client presenting a certificate the operator has explicitly revoked can still complete mutual-TLS authentication and gain full read/write access to the key-value store. There is no public exploit identified at time of analysis and EPSS is low (0.36%), but the technical impact is total for anyone relying on CRL-based deauthorization.