Search Vulnerabilities

Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1

Termix has improper certificate validation in Electron desktop client that enables MITM credential/token theft

A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials (Basic auth header or UAA client secret) and...

Apache Airflow: No certificate validation on SMTP STARTTLS connections

ex_aws_sns SigningCertURL not validated in verify_message/1

nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification

OCSP responder certificate validity period not checked in public_key

Non-CA certificate accepted as intermediate issuer in public_key path validation

OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured

Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans

epa4all-client: VAU Signature bypass

epa4all-client: TLS Certificate Validation Disabled in Production

Sunshine: Authentication bypass via improper client certificate validation

An improper certificate validation vulnerability in Ivanti Secure Access Client before 22

Dell PowerFlex Manager, version(s) <=4

Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in rm/incs/mobile_login.inc.php

Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/login.inc.php

Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/functions.inc.php

Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in ajax/reports.php

Dell Live Optics Windows and Personal Edition collectors contain an improper certificate validation vulnerability