Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with the application's network proc
LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser's user interface, which could create confusion about the trust context
The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying tru
A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Affected applications do not properly validate client certificates to connect to License Service endpoint. T
Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10.00. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on
LINE client for Android versions from 13.8 to 15.5 is vulnerable to UI spoofing in the in-app browser where a specific layout could obscure the full-screen warning prompt, potentially allowing attacke
LINE client for Android versions prior to 14.20 contains a UI spoofing vulnerability in the in-app browser where the full-screen security Toast notification is not properly re-displayed when users ret
QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communic
UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middl
An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update.
The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc
An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS comm
A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (Al
goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component.
Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification.
The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack.
The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks.
IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.
When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an attacker able to intercept network traffic between the client and ser
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiCli
Page 1+ Next →