CVE Daily
← All tags

Tag: TLS

All CVEs associated with "TLS". Page 3/13 • 1449 CVEs.

Subscribe CVEs: RSS for “TLS”  ·  RSS (High+Critical only)

About “TLS”

A curated feed of “TLS”-related CVEs appears below. We currently track 1449 CVEs for this tag (all time). In the last 365 days, 338 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 48% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-295 - Improper Certificate Validation, CWE-400 - Uncontrolled Resource Consumption, CWE-20 - Improper Input Validation.

In our taxonomy this topic maps to a MODERATE impact class. Crypto or TLS libraries have ecosystem wide impact. Upgrade, restart dependents, disable legacy protocols, and consider key rotation. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-11-17
Low

CVE-2025-65083

GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy server. This can be problematic if the GoSign Desktop user selects an arbitrary proxy server without co…

CVSS: 3.2 CWE: CWE-295 - Improper Certificate Validation View on NVD
2025-11-13
Critical

CVE-2025-36251

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses addit…

CVSS: 9.6 CWE: CWE-114 - Process Control View on NVD
High

CVE-2025-12765

pgAdmin <= 9.9  is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification.

CVSS: 7.5 CWE: CWE-295 - Improper Certificate Validation View on NVD
2025-11-12
High

CVE-2025-64186

Evervault is a payment security solution. A vulnerability was identified in the `evervault-go` SDK’s attestation verification logic in versions of `evervault-go` prior to 1.3.2 that may allow incompl…

CVSS: 8.7 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
Unknown

CVE-2025-40176

In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tls_strp_msg_hold fails Async decryption calls tls_strp_msg_hold to create a clone of…

CVSS: N/A CWE: N/A View on NVD
High

CVE-2025-40149

In the Linux kernel, the following vulnerability has been resolved: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). get_netdev_for_sock() is called during setsockopt(), so not u…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2025-11-10
High

CVE-2025-64685

In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure

CVSS: 8.1 CWE: CWE-295 - Improper Certificate Validation View on NVD
2025-11-07
Medium

CVE-2025-64432

KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which c…

CVSS: 4.7 CWE: CWE-287 - Improper Authentication View on NVD
2025-11-05
Critical

CVE-2025-55108

The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (i.e. in t…

CVSS: 10.0 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2025-10-30
Critical

CVE-2025-34271

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL…

CVSS: 9.8 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
High

CVE-2025-54470

This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry…

CVSS: 8.6 CWE: CWE-295 - Improper Certificate Validation View on NVD
2025-10-29
Critical

CVE-2025-12478

Non-Compliant TLS Configuration.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

CVSS: 9.8 CWE: CWE-326 - Inadequate Encryption Strength View on NVD
2025-10-28
Medium

CVE-2025-34318

IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLS_HOS…

CVSS: 5.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-34317

IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLS_HOS…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-10-21
Medium

CVE-2025-59438

Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.

CVSS: 5.3 CWE: CWE-208 - Observable Timing Discrepancy View on NVD
2025-10-20
Medium

CVE-2025-54764

Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.

CVSS: 6.2 CWE: CWE-208 - Observable Timing Discrepancy View on NVD
2025-10-16
Medium

CVE-2025-55084

In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension ver…

CVSS: 5.3 CWE: CWE-126 - Buffer Over-read View on NVD
2025-10-15
Medium

CVE-2025-55082

In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of PSK l…

CVSS: 5.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Critical

CVE-2025-55081

In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message: the ciph…

CVSS: 9.1 CWE: CWE-126 - Buffer Over-read View on NVD
2025-10-13
High

CVE-2025-8915

Hardcoded TLS private key and certificate in firmware in Kiloview N30 2.02.246 allows malicious adversary to do a Mann-in-the-middle attack via the network

CVSS: 8.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2025-10-06
Critical

CVE-2025-61778

Akka.NET is a .NET port of the Akka project from the Scala / Java community. In all versions of Akka.Remote from v1.2.0 to v1.5.51, TLS could be enabled via our `akka.remote.dot-netty.tcp` transport…

CVSS: 9.3 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
2025-10-04
Critical

CVE-2025-39946

In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we s…

CVSS: 9.8 CWE: N/A View on NVD
2025-10-01
High

CVE-2025-59150

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Version 8.0.0's usage of the tls.subjectaltname keyword can lead…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2025-09-30
High

CVE-2025-24525

Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the e…

CVSS: 7.5 CWE: CWE-321 - Use of Hard-coded Cryptographic Key View on NVD
Medium

CVE-2025-9231

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing sid…

CVSS: 6.5 CWE: CWE-385 - Covert Timing Channel View on NVD
2025-09-29
High

CVE-2025-34235

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that can be enable…

CVSS: 7.8 CWE: CWE-295 - Improper Certificate Validation View on NVD
Critical

CVE-2025-34222

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose four admin routes – /admin/hp/cert_uploa…

CVSS: 9.1 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Medium

CVE-2025-34211

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA and SaaS deployments) contain a private SSL key and matching publ…

CVSS: 4.9 CWE: CWE-321 - Use of Hard-coded Cryptographic Key View on NVD
Critical

CVE-2025-34196

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 (Windows client deployments) contain a hardcoded private key for the PrinterL…

CVSS: 9.8 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
2025-09-26
Medium

CVE-2025-56463

Mercusys MW305R 3.30 and below is has a Transport Layer Security (TLS) certificate private key disclosure.

CVSS: 6.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2025-09-23
Medium

CVE-2025-10548

The CleverControl employee monitoring software (v11.5.1041.6) fails to validate TLS server certificates during the installation process. The installer downloads and executes external components using…

CVSS: 6.5 CWE: CWE-295 - Improper Certificate Validation View on NVD
2025-09-19
High

CVE-2025-34199

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049 and Application versions prior to 20.0.2786 (VA and SaaS deployments) contain insecure defaults and code patter…

CVSS: 8.1 CWE: CWE-295 - Improper Certificate Validation View on NVD
Critical

CVE-2025-34192

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL 1.0.2h-fi…

CVSS: 9.8 CWE: CWE-1104 - Use of Unmaintained Third Party Components View on NVD
2025-09-17
High

CVE-2025-59353

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the…

CVSS: 7.5 CWE: CWE-295 - Improper Certificate Validation View on NVD
Medium

CVE-2025-59347

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The Manager disables TLS certificate verification in HTTP clients. The clients are not configura…

CVSS: 6.5 CWE: CWE-295 - Improper Certificate Validation View on NVD
Medium

CVE-2025-35434

CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An unauthenticated attacker with access to a Thorium cluster could impersonate the Elasticsearch service. Fixed in 1.…

CVSS: 4.2 CWE: CWE-295 - Improper Certificate Validation View on NVD
2025-09-16
Low

CVE-2025-59270

psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse' function during the SAML authentication process. An unauthenticated attacker in a 'Man-in-the-Middle' posi…

CVSS: 3.1 CWE: CWE-757 - Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') View on NVD
High

CVE-2025-55118

Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configur…

CVSS: 8.9 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2025-55117

A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases:…

CVSS: 5.3 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2025-55114

The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agen…

CVSS: 5.3 CWE: CWE-696 - Incorrect Behavior Order View on NVD
2025-09-15
Medium

CVE-2025-59154

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s SASL EXTERNAL mechanism for client TLS authentication contains a vulnerability in how it extracts user identities…

CVSS: 5.9 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
High

CVE-2025-50944

An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the c…

CVSS: 8.8 CWE: CWE-295 - Improper Certificate Validation View on NVD
2025-09-05
Medium

CVE-2025-58369

fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks thou…

CVSS: 5.3 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-39682

In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rx_list Each recvmsg() call must process either - only contiguous DATA records (…

CVSS: 7.1 CWE: N/A View on NVD
2025-09-03
High

CVE-2025-52494

Adacore Ada Web Server (AWS) before 25.2 is vulnerable to a denial-of-service (DoS) condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an H…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2025-08-28
Medium

CVE-2025-31972

HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data tr…

CVSS: 6.5 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
High

CVE-2024-58240

In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2025-08-26
Medium

CVE-2025-50976

IPFire 2.29 DNS management interface (dns.cgi) fails to properly sanitize user-supplied input in the NAMESERVER, REMARK, and TLS_HOSTNAME query parameters, resulting in a reflected cross-site scripti…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-08-22
High

CVE-2025-38616

In the Linux kernel, the following vulnerability has been resolved: tls: handle data disappearing from under the TLS ULP TLS expects that it owns the receive queue of the TCP socket. This cannot be…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2024-58239

In the Linux kernel, the following vulnerability has been resolved: tls: stop recv() if initial process_rx_list gave us non-DATA If we have a non-DATA record on the rx_list and another record of th…

CVSS: 5.5 CWE: N/A View on NVD
2025-08-20
Critical

CVE-2025-9074

A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vul…

CVSS: 9.3 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
2025-08-19
Medium

CVE-2025-38608

In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the cor…

CVSS: 5.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Medium

CVE-2025-38571

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its ass…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2025-38566

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due…

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
2025-08-18
Critical

CVE-2025-55299

VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set, attackers can use this…

CVSS: 9.4 CWE: CWE-521 - Weak Password Requirements View on NVD
2025-08-14
High

CVE-2025-20134

A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticate…

CVSS: 8.6 CWE: CWE-415 - Double Free View on NVD
High

CVE-2025-20127

A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for Ci…

CVSS: 7.7 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2025-33142

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.

CVSS: 5.3 CWE: CWE-295 - Improper Certificate Validation View on NVD
Medium

CVE-2025-0309

An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect t…

CVSS: 6.0 CWE: CWE-295 - Improper Certificate Validation View on NVD
2025-08-12
High

CVE-2025-50159

Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally.

CVSS: 7.3 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2024-41986

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506…

CVSS: 6.4 CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm View on NVD
2025-08-08
High

CVE-2025-8393

A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in…

CVSS: 7.3 CWE: CWE-295 - Improper Certificate Validation View on NVD
2025-08-06
Medium

CVE-2025-2028

Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs

CVSS: 6.5 CWE: CWE-295 - Improper Certificate Validation View on NVD
2025-08-01
Medium

CVE-2025-6037

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+|https://developer.h…

CVSS: 6.8 CWE: CWE-295 - Improper Certificate Validation View on NVD
2025-07-28
High

CVE-2025-38471

In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This u…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2025-07-25
Medium

CVE-2025-38387

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert The obj_event may be loaded immediately after inserted, then if th…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2025-07-24
Medium

CVE-2025-36005

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could…

CVSS: 5.9 CWE: CWE-295 - Improper Certificate Validation View on NVD
2025-07-23
High

CVE-2025-41684

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint tls_iotge…

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2025-07-20
Medium

CVE-2025-49087

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.

CVSS: 4.0 CWE: CWE-385 - Covert Timing Channel View on NVD
High

CVE-2025-47917

Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head a…

CVSS: 8.9 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2025-48965

Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.

CVSS: 4.0 CWE: CWE-696 - Incorrect Behavior Order View on NVD
2025-07-18
Critical

CVE-2025-7394

In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is…

CVSS: 9.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2025-07-15
Medium

CVE-2025-30754

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8…

CVSS: 4.8 CWE: CWE-284 - Improper Access Control View on NVD
2025-07-10
High

CVE-2025-49812

In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Onl…

CVSS: 7.4 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2025-23048

In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected w…

CVSS: 9.1 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2024-47252

Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations.…

CVSS: 7.5 CWE: CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences View on NVD
2025-07-08
Medium

CVE-2025-41223

A vulnerability has been identified in RUGGEDCOM i800 (All versions), RUGGEDCOM i801 (All versions), RUGGEDCOM i802 (All versions), RUGGEDCOM i803 (All versions), RUGGEDCOM M2100 (All versions), RUGG…

CVSS: 4.8 CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm View on NVD
Medium

CVE-2025-41222

A vulnerability has been identified in RUGGEDCOM i800 (All versions), RUGGEDCOM i801 (All versions), RUGGEDCOM i802 (All versions), RUGGEDCOM i803 (All versions), RUGGEDCOM M2100 (All versions), RUGG…

CVSS: 5.3 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
High

CVE-2024-31854

A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). During establishment of a https connection to the TLS server of a managed device, the affected application doesn't che…

CVSS: 8.1 CWE: CWE-295 - Improper Certificate Validation View on NVD
High

CVE-2024-31853

A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). During establishment of a https connection to the TLS server of a managed device, the affected application doesn't che…

CVSS: 8.1 CWE: CWE-295 - Improper Certificate Validation View on NVD
Low

CVE-2025-42978

The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard…

CVSS: 3.5 CWE: CWE-940 - Improper Verification of Source of a Communication Channel View on NVD
2025-07-04
Medium

CVE-2025-52497

Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.

CVSS: 4.8 CWE: CWE-193 - Off-by-one Error View on NVD
High

CVE-2025-52496

Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM for…

CVSS: 7.8 CWE: CWE-733 - Compiler Optimization Removal or Modification of Security-critical Code View on NVD
2025-07-03
Medium

CVE-2025-38166

In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap [ 2172.936997] ------------[ cut here ]------------ [ 2172.936999] kernel BUG at lib/iov_iter.c:…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2025-38161

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction Upon RQ destruction if the firmware command fails which is the…

CVSS: 5.5 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
2025-06-25
High

CVE-2025-41256

Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered…

CVSS: 7.4 CWE: CWE-328 - Use of Weak Hash View on NVD
High

CVE-2025-41255

Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user…

CVSS: 8.0 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
2025-06-24
High

CVE-2025-6032

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.

CVSS: 8.3 CWE: CWE-295 - Improper Certificate Validation View on NVD
Critical

CVE-2025-6433

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in vi…

CVSS: 9.8 CWE: CWE-295 - Improper Certificate Validation View on NVD
Medium

CVE-2025-39205

A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation.

CVSS: 6.5 CWE: CWE-295 - Improper Certificate Validation View on NVD
2025-06-20
Critical

CVE-2025-32878

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is mainly for downloading firmware files. Before downloading f…

CVSS: 9.8 CWE: CWE-295 - Improper Certificate Validation View on NVD
2025-06-18
Medium

CVE-2025-49015

The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a co…

CVSS: 4.9 CWE: CWE-297 - Improper Validation of Certificate with Host Mismatch View on NVD
Medium

CVE-2022-49979

In the Linux kernel, the following vulnerability has been resolved: net: fix refcount bug in sk_psock_get (2) Syzkaller reports refcount bug as follows: ------------[ cut here ]------------ refcoun…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2025-38018

In the Linux kernel, the following vulnerability has been resolved: net/tls: fix kernel panic when alloc_page failed We cannot set frag_list to NULL pointer when alloc_page failed. It will be used…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2025-06-13
Low

CVE-2024-38823

Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.

CVSS: 2.7 CWE: CWE-294 - Authentication Bypass by Capture-replay View on NVD
2025-06-12
Medium

CVE-2025-49196

A service supports the use of a deprecated and unsafe TLS version. This could be exploited to expose sensitive information, modify data in unexpected ways or spoof identities of other users or device…

CVSS: 6.5 CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm View on NVD
2025-06-06
High

CVE-2025-41361

Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The devices improperly handle TLS requests associated with PROCOME sockets, so TLS requests sent to tho…

CVSS: 8.3 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2025-06-04
Medium

CVE-2025-48960

Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938.

CVSS: 5.9 CWE: CWE-326 - Inadequate Encryption Strength View on NVD
2025-05-28
Medium

CVE-2025-5025

libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolf…

CVSS: 4.8 CWE: CWE-295 - Improper Certificate Validation View on NVD
2025-05-22
Medium

CVE-2025-4575

Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certific…

CVSS: 6.5 CWE: CWE-295 - Improper Certificate Validation View on NVD
2025-05-21
Medium

CVE-2025-48417

The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) is hard-coded in the firmware and are shipped with the update files. An…

CVSS: 6.5 CWE: CWE-321 - Use of Hard-coded Cryptographic Key View on NVD
2025-05-16
Medium

CVE-2025-32407

Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing for an attacker to impersonate any and all websites v…

CVSS: 5.9 CWE: CWE-295 - Improper Certificate Validation View on NVD
2025-05-14
Medium

CVE-2025-47888

Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks.

CVSS: 5.9 CWE: CWE-20 - Improper Input Validation View on NVD
2025-05-07
High

CVE-2024-47619

syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildca…

CVSS: 7.5 CWE: CWE-295 - Improper Certificate Validation View on NVD
High

CVE-2025-27533

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to exces…

CVSS: 7.5 CWE: CWE-789 - Memory Allocation with Excessive Size Value View on NVD
2025-05-01
Medium

CVE-2025-37756

In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect syzbot discovered that it can disconnect a TLS socket and then run into all sort of unex…

CVSS: 5.5 CWE: N/A View on NVD
2025-04-28
Critical

CVE-2025-3200

An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems.

CVSS: 9.1 CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm View on NVD
2025-04-23
High

CVE-2025-21605

Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the se…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-04-19
Medium

CVE-2025-43918

SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's emai…

CVSS: 6.4 CWE: CWE-348 - Use of Less Trusted Source View on NVD
2025-04-17
Low

CVE-2024-42177

HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensiti…

CVSS: 2.6 CWE: CWE-326 - Inadequate Encryption Strength View on NVD
2025-04-16
Medium

CVE-2025-22075

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Allocate vfinfo size for VF GUIDs when supported Commit 30aad41721e0 ("net/core: Add support for getting VF GUIDs") ad…

CVSS: 5.5 CWE: N/A View on NVD
2025-04-15
Medium

CVE-2025-24358

gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist…

CVSS: 5.4 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2025-04-02
High

CVE-2025-2704

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
2025-04-01
High

CVE-2025-3085

A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's ce…

CVSS: 8.1 CWE: CWE-299 - Improper Check for Certificate Revocation View on NVD
2025-03-25
High

CVE-2025-1445

A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS connection takes place in specific timing situation…

CVSS: 7.5 CWE: CWE-820 - Missing Synchronization View on NVD
Medium

CVE-2024-12169

A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionality and IEC 61850 functionality, that allows an attacker performing a specific attack sequence to restart the affected CM…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2025-27810

Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to…

CVSS: 5.4 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Medium

CVE-2025-27809

Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostna…

CVSS: 5.4 CWE: CWE-1188 - Initialization of a Resource with an Insecure Default View on NVD
High

CVE-2025-1097

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This ca…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
2025-03-18
Critical

CVE-2024-56347

IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls.

CVSS: 9.6 CWE: CWE-114 - Process Control View on NVD