TLS
Monthly
Unbounded memory consumption in Quill's Apple notarization process allows denial of service when HTTP responses lack size validation, affecting environments with TLS-intercepting proxies or compromised certificate authorities where response manipulation is possible. An attacker positioned to intercept or modify notarization API responses can return arbitrarily large payloads to exhaust memory and crash the signing process. This impacts corporate networks and environments with trust boundary violations, though exploitation is not feasible under standard HTTPS conditions with proper certificate validation.
Quill before v0.7.1 contains a server-side request forgery vulnerability in its Apple notarization log retrieval functionality that fails to validate URL schemes and destination hosts. Exploitation requires an attacker to intercept or modify API responses, making it primarily a threat in environments with TLS-intercepting proxies, compromised certificate authorities, or other trust boundary violations. An attacker could redirect notarization requests to internal or multicast addresses, potentially exposing sensitive information or accessing restricted resources.
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. [CVSS 8.8 HIGH]
The Taipower Android application fails to validate TLS/SSL certificates during HTTPS connections, enabling unauthenticated attackers to conduct man-in-the-middle attacks against users. This vulnerability allows adversaries to intercept and modify network traffic without user awareness. No patch is currently available for this medium-severity issue (CVSS 6.5).
{env.DATABASE_URL} or {file./etc/passwd} into request headers, an unauthenticated attacker can leak sensitive system information. Public exploit code exists for this vulnerability, which is fixed in version 2.11.2.
Caddy versions 2.10.0 through 2.11.1 fail to strip client-supplied headers in the forward_auth copy_headers directive, enabling authenticated attackers to inject identity headers and escalate privileges. This authentication bypass vulnerability affects deployments relying on Caddy for request forwarding and has public exploit code available. The vulnerability requires valid authentication credentials but allows complete privilege elevation within affected systems.
Unauthenticated backup download and RCE in Nginx UI before 2.3.3. EPSS 1.0%. PoC available.
Traefik versions before 2.11.38 and 3.6.9 allow remote attackers to cause denial of service by sending incomplete TLS records to TCP routers, which causes the TLS handshake process to hang indefinitely while holding connections open. An unauthenticated attacker can exploit this by opening many stalled connections in parallel to exhaust file descriptors and goroutines, degrading or disabling the proxy service.
Static TLS fingerprint in Rakuten Viber Cloak mode enables tracking despite privacy mode.
Denial of service in Cisco Secure Firewall Threat Defense via crafted SSL packets allows unauthenticated remote attackers to crash the Snort 3 Detection Engine through a memory management logic error during SSL inspection. An attacker can exploit this vulnerability by sending malicious SSL packets through an established connection, forcing the detection engine to unexpectedly restart and interrupt security monitoring. No patch is currently available for this medium-severity issue.
Cisco Secure Firewall Threat Defense (FTD) Software is vulnerable to denial of service through improper TLS protocol implementation in the Snort 3 Detection Engine, allowing unauthenticated remote attackers to trigger unexpected restarts by sending crafted TLS packets. Successful exploitation causes the affected device to drop network traffic, creating a DoS condition affecting TLS versions prior to 1.3. No patch is currently available.
Snort 3 Detection Engine contains a vulnerability that allows attackers to cause a denial of service (DoS) condition when the Snort 3 Detection Engine rest (CVSS 5.8).
Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary commands by injecting malicious input into OpenSSL parameter fields. An attacker with valid credentials can exploit this command injection vulnerability through the utility route to gain complete system compromise. No patch is currently available for affected XWEB 500b Pro and 300d Pro devices.
Man-in-the-middle attacks in TLS/SSL certificate verification for FTPES/FTPS connections in ADM 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.2.RE51 allow remote attackers to intercept and modify backup data and authentication credentials without patching available. The FTP Backup feature fails to properly validate certificates, enabling network traffic interception and credential compromise during secure file transfers. Affected organizations should implement network segmentation or disable FTPES/FTPS backup functionality until patches become available.
FastCGI path splitting vulnerability in Caddy before 2.11.1 allows request smuggling or path confusion when proxying to FastCGI backends (PHP-FPM). EPSS 0.19% with PoC available.
Caddy versions prior to 2.11.1 allow unauthenticated cross-origin requests to the admin API when origin enforcement is disabled, enabling attackers to remotely reconfigure the server through malicious web content loaded in a victim's browser. Public exploit code exists for this vulnerability, which can be leveraged to modify HTTP server behavior and admin listener settings without user knowledge. The vulnerability affects Caddy and TLS implementations, with no patch currently available for affected versions.
Host header case sensitivity bypass in Caddy before 2.11.1. Virtual host routing can be bypassed by using alternate casing in the Host header. PoC available.
Case sensitivity bypass in Caddy web server path matching before 2.11.1. HTTP path matchers can be bypassed using alternate casing on case-insensitive filesystems. PoC available.
TLS error swallowing in Caddy web server before 2.11.1 allows bypassing client certificate authentication. Errors in ClientCAs handling are silenced, potentially accepting invalid client certificates. PoC available.
Caddy versions prior to 2.11.1 fail to sanitize backslashes in file path matching, allowing attackers to bypass path-based security controls through specially crafted requests. The vulnerability affects systems with specific Caddy configurations and has public exploit code available. Exploitation requires network access with no authentication, resulting in limited information disclosure or modification of restricted resources.
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests [CVSS 7.4 HIGH]
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in jxcore jxm master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTPS request options when 'jx_obj.IsSecure' is true [CVSS 7.4 HIGH]
Improper certificate validation in Ayms node-To master Node.js module. The application does not properly validate TLS certificates, enabling man-in-the-middle attacks.
uTLS versions 1.6.7 and below fail to validate TLS 1.3 downgrade protection mechanisms, allowing network attackers to force ClientHello modifications that cause servers to respond with lower TLS versions while bypassing detection checks. An active attacker can exploit this to downgrade encrypted connections to TLS 1.2 or earlier, potentially exposing traffic to known cryptographic weaknesses. Affected users of uTLS, Red Hat, and other TLS implementations should update to patched versions immediately.
OpenClaw's mDNS/Bonjour discovery beacons transmit unauthenticated TXT records that iOS, macOS, and Android clients treat as authoritative for routing and TLS certificate pinning, allowing an attacker on a shared LAN to advertise a rogue service and redirect connections to attacker-controlled endpoints. An attacker can exploit this to bypass TLS pinning validation and potentially capture Gateway credentials through man-in-the-middle attacks. The vulnerability affects OpenClaw versions prior to 2026.2.14 and requires network proximity but no user interaction.
MajorDoMo home automation platform is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin() method without authentication due to improper use of gr() (which reads from $_REQUEST), allowing attackers to redirect update URLs and push malicious code packages.
TLS certification mechanism of Guardian Gryphon v01.06.0006.22 is affected by improper certificate validation (CVSS 7.5).
Galaxy FDS Android SDK version 3.0.8 and earlier disable TLS hostname verification by default, allowing attackers to perform man-in-the-middle attacks against applications using the library. All applications leveraging this SDK with default configuration are vulnerable to interception and modification of communications with Xiaomi FDS cloud storage, potentially compromising authentication credentials and file contents. No patch is currently available, and the affected open source project has reached end-of-life status.
SumatraPDF versions 3.5.0 through 3.5.2 fail to validate TLS certificates during software updates and execute installers without signature verification, allowing network attackers to perform man-in-the-middle attacks and inject malicious code. An attacker with any valid TLS certificate can intercept update requests and redirect users to a malicious installer, achieving arbitrary code execution on Windows systems. Public exploit code exists for this vulnerability and no patch is currently available.
DataHub versions prior to 1.3.1.8 are vulnerable to man-in-the-middle attacks during LDAP authentication due to insufficient TLS certificate validation, allowing attackers on the network to intercept and eavesdrop on sensitive authentication credentials. An unauthenticated attacker can downgrade the TLS connection to capture plaintext LDAP credentials without requiring user interaction. No patch is currently available for affected deployments.
Client-certificate-auth middleware for Node.js versions 0.2.1 and 0.3.0 fails to validate the Host header when redirecting HTTP requests to HTTPS, enabling attackers to craft malicious redirects that direct users to arbitrary domains. Public exploit code exists for this open redirect vulnerability, and no patch is currently available for affected versions.
Multiple stored XSS vulnerabilities in Axigen Mail Server before 10.5.57 WebAdmin interface allow authenticated administrators to inject persistent malicious scripts that execute in other admin sessions.
Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint (page=sslcerts). [CVSS 8.1 HIGH]
Alist file manager has an improper certificate validation vulnerability allowing MITM attacks that could compromise file operations and stored credentials.
Improper TLS/SSL certificate validation in ADM's DDNS update function (versions 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.1.RCI1) enables remote man-in-the-middle attacks to intercept HTTPS communications and extract sensitive data including user email, MD5 hashed passwords, and device serial numbers. An unauthenticated attacker on the network can exploit this weakness without user interaction to compromise DDNS update credentials. No patch is currently available for affected versions.
OpenList versions prior to 4.1.10 disable TLS certificate verification by default in storage driver communications, enabling man-in-the-middle attacks where network-positioned attackers can intercept, decrypt, and manipulate all data exchanges with storage backends. This misconfiguration affects any deployment relying on OpenList Frontend's default settings and can be exploited via ARP spoofing, rogue access points, or compromised network infrastructure to redirect traffic to attacker-controlled servers. A patch is available in version 4.1.10 and later.
Amazon SageMaker Python SDK versions prior to v2.256.0 or v3.1.1 disable TLS certificate verification when importing Triton Python models, enabling attackers to perform man-in-the-middle attacks by presenting invalid or self-signed certificates. This vulnerability affects organizations using the affected SDK versions for model imports over HTTPS connections. No patch is currently available for this vulnerability.
During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. [CVSS 5.3 MEDIUM]
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. [CVSS 7.7 HIGH]
Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. [CVSS 5.9 MEDIUM]
Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. [CVSS 5.5 MEDIUM]
Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. [CVSS 5.9 MEDIUM]
The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 - 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. [CVSS 6.5 MEDIUM]
EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. [CVSS 7.4 HIGH]
Siebel Customer Relationship Management Deployment contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 7.5).
Node.js TLS servers using PSK or ALPN callbacks are vulnerable to denial of service when these callbacks throw unhandled synchronous exceptions during the TLS handshake. Remote attackers can exploit this by sending specially crafted TLS handshake requests to trigger resource exhaustion or process crashes, either through immediate termination or silent file descriptor leaks. No patch is currently available for this vulnerability.
A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. [CVSS 7.5 HIGH]
An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions up to 6.5 is affected by improper certificate validation (CVSS 7.4).
Denial of service in Traefik versions prior to 2.11.35 and 3.6.7 allows unauthenticated remote attackers to exhaust server resources by establishing incomplete ACME TLS-ALPN connections and leaving them open indefinitely. An attacker can send minimal ClientHello messages with the acme-tls/1 protocol and cease responding, causing goroutines and file descriptors to be held until the entry point becomes unavailable. The vulnerability affects systems with ACME TLS challenge enabled.
Malformed SSL packets can trigger a Denial-of-Service condition in Juniper SRX devices running Junos OS with UTM Web-Filtering enabled, causing Forwarding Processor Card (FPC) crashes and restarts without requiring authentication. An unauthenticated network-based attacker can exploit this input validation flaw in the Web-Filtering module to disrupt device availability across affected Junos versions (23.2R2-S2 through 24.4R2). No patches are currently available for earlier Junos versions, and affected systems remain vulnerable until updates are applied.
Junos Space versions up to 24.1 is affected by use of a broken or risky cryptographic algorithm (CVSS 5.9).
Credential theft via Lua script execution in Envoy Gateway versions before 1.5.7 and 1.6.2 allows authenticated attackers to extract proxy credentials and subsequently access the control plane and all associated secrets including TLS private keys. Public exploit code exists for this vulnerability. Affected organizations running vulnerable Envoy Gateway instances should immediately upgrade as no patch is currently available for intermediate versions.
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. [CVSS 2.5 LOW]
Errands before 46.2.10 does not verify TLS certificates for CalDAV servers. [CVSS 8.2 HIGH]
NeuVector supports login authentication through OpenID Connect. However, the TLS verification (which verifies the remote server's authenticity and integrity) for OpenID Connect is not enforced by default. [CVSS 8.8 HIGH]
When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. [CVSS 5.3 MEDIUM]
When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. [CVSS 6.3 MEDIUM]
A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced.
Uniffle HTTP client (before 0.10.0) trusts all SSL certificates and disables hostname verification by default, exposing all REST API communication between the CLI and Coordinator to man-in-the-middle attacks.
Improper IV handling in libtpms 0.10.0 and 0.10.1 causes the library to return initial instead of final initialization vectors during symmetric cipher operations with OpenSSL 3.x, potentially weakening cryptographic security for local users who can interact with the TPM emulation. Public exploit code exists for this vulnerability affecting confidentiality of encrypted data. Update to libtpms 0.10.2 to remediate.
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration. [CVSS 3.4 LOW]
CVE-2025-49812 is an HTTP request smuggling/desynchronization vulnerability in Apache HTTP Server's mod_ssl that allows man-in-the-middle attackers to hijack HTTPS sessions by exploiting improper handling of TLS upgrades. Only Apache HTTP Server versions through 2.4.63 with 'SSLEngine optional' configurations are affected, enabling session hijacking with high confidentiality and integrity impact. The vulnerability requires network-level access and careful timing but does not require user interaction or privileges; upgrade to 2.4.64 (which removes TLS upgrade support entirely) is the recommended mitigation.
CVE-2025-23048 is an authentication bypass vulnerability in Apache HTTP Server 2.4.35-2.4.63 affecting mod_ssl configurations with multiple virtual hosts using different client certificate restrictions. An attacker with valid client certificates trusted by one virtual host can exploit TLS 1.3 session resumption to access another restricted virtual host if SSLStrictSNIVHostCheck is not enabled, achieving unauthorized access to confidential information and potentially modifying data. This is a network-accessible vulnerability with no authentication required and high real-world impact.
CVE-2024-47252 is a security vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.
A remote code execution vulnerability in IDF (CVSS 8.3). High severity vulnerability requiring prompt remediation.
Unbounded memory consumption in Quill's Apple notarization process allows denial of service when HTTP responses lack size validation, affecting environments with TLS-intercepting proxies or compromised certificate authorities where response manipulation is possible. An attacker positioned to intercept or modify notarization API responses can return arbitrarily large payloads to exhaust memory and crash the signing process. This impacts corporate networks and environments with trust boundary violations, though exploitation is not feasible under standard HTTPS conditions with proper certificate validation.
Quill before v0.7.1 contains a server-side request forgery vulnerability in its Apple notarization log retrieval functionality that fails to validate URL schemes and destination hosts. Exploitation requires an attacker to intercept or modify API responses, making it primarily a threat in environments with TLS-intercepting proxies, compromised certificate authorities, or other trust boundary violations. An attacker could redirect notarization requests to internal or multicast addresses, potentially exposing sensitive information or accessing restricted resources.
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. [CVSS 8.8 HIGH]
The Taipower Android application fails to validate TLS/SSL certificates during HTTPS connections, enabling unauthenticated attackers to conduct man-in-the-middle attacks against users. This vulnerability allows adversaries to intercept and modify network traffic without user awareness. No patch is currently available for this medium-severity issue (CVSS 6.5).
{env.DATABASE_URL} or {file./etc/passwd} into request headers, an unauthenticated attacker can leak sensitive system information. Public exploit code exists for this vulnerability, which is fixed in version 2.11.2.
Caddy versions 2.10.0 through 2.11.1 fail to strip client-supplied headers in the forward_auth copy_headers directive, enabling authenticated attackers to inject identity headers and escalate privileges. This authentication bypass vulnerability affects deployments relying on Caddy for request forwarding and has public exploit code available. The vulnerability requires valid authentication credentials but allows complete privilege elevation within affected systems.
Unauthenticated backup download and RCE in Nginx UI before 2.3.3. EPSS 1.0%. PoC available.
Traefik versions before 2.11.38 and 3.6.9 allow remote attackers to cause denial of service by sending incomplete TLS records to TCP routers, which causes the TLS handshake process to hang indefinitely while holding connections open. An unauthenticated attacker can exploit this by opening many stalled connections in parallel to exhaust file descriptors and goroutines, degrading or disabling the proxy service.
Static TLS fingerprint in Rakuten Viber Cloak mode enables tracking despite privacy mode.
Denial of service in Cisco Secure Firewall Threat Defense via crafted SSL packets allows unauthenticated remote attackers to crash the Snort 3 Detection Engine through a memory management logic error during SSL inspection. An attacker can exploit this vulnerability by sending malicious SSL packets through an established connection, forcing the detection engine to unexpectedly restart and interrupt security monitoring. No patch is currently available for this medium-severity issue.
Cisco Secure Firewall Threat Defense (FTD) Software is vulnerable to denial of service through improper TLS protocol implementation in the Snort 3 Detection Engine, allowing unauthenticated remote attackers to trigger unexpected restarts by sending crafted TLS packets. Successful exploitation causes the affected device to drop network traffic, creating a DoS condition affecting TLS versions prior to 1.3. No patch is currently available.
Snort 3 Detection Engine contains a vulnerability that allows attackers to cause a denial of service (DoS) condition when the Snort 3 Detection Engine rest (CVSS 5.8).
Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary commands by injecting malicious input into OpenSSL parameter fields. An attacker with valid credentials can exploit this command injection vulnerability through the utility route to gain complete system compromise. No patch is currently available for affected XWEB 500b Pro and 300d Pro devices.
Man-in-the-middle attacks in TLS/SSL certificate verification for FTPES/FTPS connections in ADM 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.2.RE51 allow remote attackers to intercept and modify backup data and authentication credentials without patching available. The FTP Backup feature fails to properly validate certificates, enabling network traffic interception and credential compromise during secure file transfers. Affected organizations should implement network segmentation or disable FTPES/FTPS backup functionality until patches become available.
FastCGI path splitting vulnerability in Caddy before 2.11.1 allows request smuggling or path confusion when proxying to FastCGI backends (PHP-FPM). EPSS 0.19% with PoC available.
Caddy versions prior to 2.11.1 allow unauthenticated cross-origin requests to the admin API when origin enforcement is disabled, enabling attackers to remotely reconfigure the server through malicious web content loaded in a victim's browser. Public exploit code exists for this vulnerability, which can be leveraged to modify HTTP server behavior and admin listener settings without user knowledge. The vulnerability affects Caddy and TLS implementations, with no patch currently available for affected versions.
Host header case sensitivity bypass in Caddy before 2.11.1. Virtual host routing can be bypassed by using alternate casing in the Host header. PoC available.
Case sensitivity bypass in Caddy web server path matching before 2.11.1. HTTP path matchers can be bypassed using alternate casing on case-insensitive filesystems. PoC available.
TLS error swallowing in Caddy web server before 2.11.1 allows bypassing client certificate authentication. Errors in ClientCAs handling are silenced, potentially accepting invalid client certificates. PoC available.
Caddy versions prior to 2.11.1 fail to sanitize backslashes in file path matching, allowing attackers to bypass path-based security controls through specially crafted requests. The vulnerability affects systems with specific Caddy configurations and has public exploit code available. Exploitation requires network access with no authentication, resulting in limited information disclosure or modification of restricted resources.
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests [CVSS 7.4 HIGH]
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in jxcore jxm master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTPS request options when 'jx_obj.IsSecure' is true [CVSS 7.4 HIGH]
Improper certificate validation in Ayms node-To master Node.js module. The application does not properly validate TLS certificates, enabling man-in-the-middle attacks.
uTLS versions 1.6.7 and below fail to validate TLS 1.3 downgrade protection mechanisms, allowing network attackers to force ClientHello modifications that cause servers to respond with lower TLS versions while bypassing detection checks. An active attacker can exploit this to downgrade encrypted connections to TLS 1.2 or earlier, potentially exposing traffic to known cryptographic weaknesses. Affected users of uTLS, Red Hat, and other TLS implementations should update to patched versions immediately.
OpenClaw's mDNS/Bonjour discovery beacons transmit unauthenticated TXT records that iOS, macOS, and Android clients treat as authoritative for routing and TLS certificate pinning, allowing an attacker on a shared LAN to advertise a rogue service and redirect connections to attacker-controlled endpoints. An attacker can exploit this to bypass TLS pinning validation and potentially capture Gateway credentials through man-in-the-middle attacks. The vulnerability affects OpenClaw versions prior to 2026.2.14 and requires network proximity but no user interaction.
MajorDoMo home automation platform is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin() method without authentication due to improper use of gr() (which reads from $_REQUEST), allowing attackers to redirect update URLs and push malicious code packages.
TLS certification mechanism of Guardian Gryphon v01.06.0006.22 is affected by improper certificate validation (CVSS 7.5).
Galaxy FDS Android SDK version 3.0.8 and earlier disable TLS hostname verification by default, allowing attackers to perform man-in-the-middle attacks against applications using the library. All applications leveraging this SDK with default configuration are vulnerable to interception and modification of communications with Xiaomi FDS cloud storage, potentially compromising authentication credentials and file contents. No patch is currently available, and the affected open source project has reached end-of-life status.
SumatraPDF versions 3.5.0 through 3.5.2 fail to validate TLS certificates during software updates and execute installers without signature verification, allowing network attackers to perform man-in-the-middle attacks and inject malicious code. An attacker with any valid TLS certificate can intercept update requests and redirect users to a malicious installer, achieving arbitrary code execution on Windows systems. Public exploit code exists for this vulnerability and no patch is currently available.
DataHub versions prior to 1.3.1.8 are vulnerable to man-in-the-middle attacks during LDAP authentication due to insufficient TLS certificate validation, allowing attackers on the network to intercept and eavesdrop on sensitive authentication credentials. An unauthenticated attacker can downgrade the TLS connection to capture plaintext LDAP credentials without requiring user interaction. No patch is currently available for affected deployments.
Client-certificate-auth middleware for Node.js versions 0.2.1 and 0.3.0 fails to validate the Host header when redirecting HTTP requests to HTTPS, enabling attackers to craft malicious redirects that direct users to arbitrary domains. Public exploit code exists for this open redirect vulnerability, and no patch is currently available for affected versions.
Multiple stored XSS vulnerabilities in Axigen Mail Server before 10.5.57 WebAdmin interface allow authenticated administrators to inject persistent malicious scripts that execute in other admin sessions.
Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint (page=sslcerts). [CVSS 8.1 HIGH]
Alist file manager has an improper certificate validation vulnerability allowing MITM attacks that could compromise file operations and stored credentials.
Improper TLS/SSL certificate validation in ADM's DDNS update function (versions 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.1.RCI1) enables remote man-in-the-middle attacks to intercept HTTPS communications and extract sensitive data including user email, MD5 hashed passwords, and device serial numbers. An unauthenticated attacker on the network can exploit this weakness without user interaction to compromise DDNS update credentials. No patch is currently available for affected versions.
OpenList versions prior to 4.1.10 disable TLS certificate verification by default in storage driver communications, enabling man-in-the-middle attacks where network-positioned attackers can intercept, decrypt, and manipulate all data exchanges with storage backends. This misconfiguration affects any deployment relying on OpenList Frontend's default settings and can be exploited via ARP spoofing, rogue access points, or compromised network infrastructure to redirect traffic to attacker-controlled servers. A patch is available in version 4.1.10 and later.
Amazon SageMaker Python SDK versions prior to v2.256.0 or v3.1.1 disable TLS certificate verification when importing Triton Python models, enabling attackers to perform man-in-the-middle attacks by presenting invalid or self-signed certificates. This vulnerability affects organizations using the affected SDK versions for model imports over HTTPS connections. No patch is currently available for this vulnerability.
During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. [CVSS 5.3 MEDIUM]
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. [CVSS 7.7 HIGH]
Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. [CVSS 5.9 MEDIUM]
Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. [CVSS 5.5 MEDIUM]
Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. [CVSS 5.9 MEDIUM]
The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 - 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. [CVSS 6.5 MEDIUM]
EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. [CVSS 7.4 HIGH]
Siebel Customer Relationship Management Deployment contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 7.5).
Node.js TLS servers using PSK or ALPN callbacks are vulnerable to denial of service when these callbacks throw unhandled synchronous exceptions during the TLS handshake. Remote attackers can exploit this by sending specially crafted TLS handshake requests to trigger resource exhaustion or process crashes, either through immediate termination or silent file descriptor leaks. No patch is currently available for this vulnerability.
A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. [CVSS 7.5 HIGH]
An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions up to 6.5 is affected by improper certificate validation (CVSS 7.4).
Denial of service in Traefik versions prior to 2.11.35 and 3.6.7 allows unauthenticated remote attackers to exhaust server resources by establishing incomplete ACME TLS-ALPN connections and leaving them open indefinitely. An attacker can send minimal ClientHello messages with the acme-tls/1 protocol and cease responding, causing goroutines and file descriptors to be held until the entry point becomes unavailable. The vulnerability affects systems with ACME TLS challenge enabled.
Malformed SSL packets can trigger a Denial-of-Service condition in Juniper SRX devices running Junos OS with UTM Web-Filtering enabled, causing Forwarding Processor Card (FPC) crashes and restarts without requiring authentication. An unauthenticated network-based attacker can exploit this input validation flaw in the Web-Filtering module to disrupt device availability across affected Junos versions (23.2R2-S2 through 24.4R2). No patches are currently available for earlier Junos versions, and affected systems remain vulnerable until updates are applied.
Junos Space versions up to 24.1 is affected by use of a broken or risky cryptographic algorithm (CVSS 5.9).
Credential theft via Lua script execution in Envoy Gateway versions before 1.5.7 and 1.6.2 allows authenticated attackers to extract proxy credentials and subsequently access the control plane and all associated secrets including TLS private keys. Public exploit code exists for this vulnerability. Affected organizations running vulnerable Envoy Gateway instances should immediately upgrade as no patch is currently available for intermediate versions.
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. [CVSS 2.5 LOW]
Errands before 46.2.10 does not verify TLS certificates for CalDAV servers. [CVSS 8.2 HIGH]
NeuVector supports login authentication through OpenID Connect. However, the TLS verification (which verifies the remote server's authenticity and integrity) for OpenID Connect is not enforced by default. [CVSS 8.8 HIGH]
When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. [CVSS 5.3 MEDIUM]
When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. [CVSS 6.3 MEDIUM]
A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced.
Uniffle HTTP client (before 0.10.0) trusts all SSL certificates and disables hostname verification by default, exposing all REST API communication between the CLI and Coordinator to man-in-the-middle attacks.
Improper IV handling in libtpms 0.10.0 and 0.10.1 causes the library to return initial instead of final initialization vectors during symmetric cipher operations with OpenSSL 3.x, potentially weakening cryptographic security for local users who can interact with the TPM emulation. Public exploit code exists for this vulnerability affecting confidentiality of encrypted data. Update to libtpms 0.10.2 to remediate.
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration. [CVSS 3.4 LOW]
CVE-2025-49812 is an HTTP request smuggling/desynchronization vulnerability in Apache HTTP Server's mod_ssl that allows man-in-the-middle attackers to hijack HTTPS sessions by exploiting improper handling of TLS upgrades. Only Apache HTTP Server versions through 2.4.63 with 'SSLEngine optional' configurations are affected, enabling session hijacking with high confidentiality and integrity impact. The vulnerability requires network-level access and careful timing but does not require user interaction or privileges; upgrade to 2.4.64 (which removes TLS upgrade support entirely) is the recommended mitigation.
CVE-2025-23048 is an authentication bypass vulnerability in Apache HTTP Server 2.4.35-2.4.63 affecting mod_ssl configurations with multiple virtual hosts using different client certificate restrictions. An attacker with valid client certificates trusted by one virtual host can exploit TLS 1.3 session resumption to access another restricted virtual host if SSLStrictSNIVHostCheck is not enabled, achieving unauthorized access to confidential information and potentially modifying data. This is a network-accessible vulnerability with no authentication required and high real-world impact.
CVE-2024-47252 is a security vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.
A remote code execution vulnerability in IDF (CVSS 8.3). High severity vulnerability requiring prompt remediation.